When the blacklist keyring was changed to allow updates from the root user it gained an ->update() function that disallows all updates. When the a hash is blacklisted multiple times from the builtin or firmware-provided blacklist this spams prominent logs during boot: [ 0.890814] blacklist: Problem blacklisting hash (-13) This affects the firmware of various vendors. Reported have been at least: * Samsung: https://askubuntu.com/questions/1436856/ * Acer: https://ubuntuforums.org/showthread.php?t=2478840 * MSI: https://forum.archlabslinux.com/t/blacklist-problem-blacklisting-hash-13-errors-on-boot/6674/7 * Micro-Star: https://bbs.archlinux.org/viewtopic.php?id=278860 This series is an extension of the following single patch: https://lore.kernel.org/all/20221104014704.3469-1-linux@xxxxxxxxxxxxxx/ Only the first patch has been marked for stable as otherwise the whole of key_create() would need to be applied to stable. Thomas Weißschuh (3): certs: log more information on blacklist error KEYS: Add key_create() certs: don't try to update blacklist keys certs/blacklist.c | 23 ++++--- include/linux/key.h | 8 +++ security/keys/key.c | 149 +++++++++++++++++++++++++++++++++----------- 3 files changed, 133 insertions(+), 47 deletions(-) base-commit: f141df371335645ce29a87d9683a3f79fba7fd67 -- 2.38.1
