Merge tag 'nfsd-6.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux (2023-08-17 16:38:48 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-v6.6 for you to fetch changes up to 218a2680624cba1611e3dfc7d9b646d240e5f855: certs: Reference revocation list for all keyrings (2023-08-17 20:12:41 +0000) ---------------------------------------------------------------- Hi, Contents: - Restrict linking of keys to .ima and .evm keyrings based on digitalSignature attribute in the certificate. - PowerVM: load machine owner keys into the .machine [1] keyring. - PowerVM: load module signing keys into the secondary trusted keyring (keys blessed by the vendor). - tpm_tis_spi: half-duplex transfer mode - tpm_tis: retry corrupted transfers - Apply revocation list (.mokx) to an all system keyrings (e.g. .machine keyring). [1] https://blogs.oracle.com/linux/post/the-machine-keyring BR, Jarkko ---------------------------------------------------------------- Alexander Steffen (3): tpm_tis: Move CRC check to generic send routine tpm_tis: Use responseRetry to recover from data transfer errors tpm_tis: Resend command to recover from data transfer errors Azeem Shaikh (1): KEYS: Replace all non-returning strlcpy with strscpy Colin Ian King (1): tpm: remove redundant variable len Eric Snowberg (3): KEYS: DigitalSignature link restriction integrity: Enforce digitalSignature usage in the ima and evm keyrings certs: Reference revocation list for all keyrings Jarkko Sakkinen (1): tpm_tis: Revert "tpm_tis: Disable interrupts on ThinkPad T490s" Krishna Yarlagadda (1): tpm_tis_spi: Add hardware wait polling Li Zetao (1): tpm/tpm_tis_synquacer: Use module_platform_driver macro to simplify the code Nayna Jain (6): integrity: PowerVM support for loading CA keys on machine keyring integrity: ignore keys failing CA restrictions on non-UEFI platform integrity: remove global variable from machine_keyring.c integrity: check whether imputed trust is enabled integrity: PowerVM machine keyring enablement integrity: PowerVM support for loading third party code signing keys Documentation/admin-guide/kernel-parameters.txt | 7 ++ certs/system_keyring.c | 91 +++++++++++++++++++-- crypto/asymmetric_keys/restrict.c | 44 ++++++++++ drivers/char/tpm/eventlog/tpm1.c | 3 +- drivers/char/tpm/tpm_tis.c | 93 +--------------------- drivers/char/tpm/tpm_tis_core.c | 60 ++++++++++---- drivers/char/tpm/tpm_tis_core.h | 1 + drivers/char/tpm/tpm_tis_spi_main.c | 91 ++++++++++++++++++++- drivers/char/tpm/tpm_tis_synquacer.c | 18 +---- include/crypto/public_key.h | 12 +++ include/keys/system_keyring.h | 14 ++++ security/integrity/Kconfig | 4 +- security/integrity/digsig.c | 6 +- security/integrity/evm/Kconfig | 3 +- security/integrity/ima/Kconfig | 3 +- security/integrity/integrity.h | 5 +- .../integrity/platform_certs/keyring_handler.c | 19 ++++- .../integrity/platform_certs/keyring_handler.h | 10 +++ security/integrity/platform_certs/load_powerpc.c | 34 ++++++++ .../integrity/platform_certs/machine_keyring.c | 22 ++++- security/keys/request_key_auth.c | 2 +- 21 files changed, 394 insertions(+), 148 deletions(-)
