Linux Integrity

Date Index

Re: [PATCH v8 15/17] efi/mokvar: move up init order, (continued)
- [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
  - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Darren Kenny
  - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Morten Linderud
    - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
      - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Morten Linderud
        
        Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, James Bottomley
        
        Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Ard Biesheuvel
    - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Ard Biesheuvel
      - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Morten Linderud
    - Re: [PATCH v8 16/17] integrity: Trust MOK keys if MokListTrustedRT found, James Bottomley
- [PATCH v8 08/17] integrity: add new keyring handler for mok keys, Eric Snowberg
  - Re: [PATCH v8 08/17] integrity: add new keyring handler for mok keys, Jarkko Sakkinen
- [PATCH v8 01/17] KEYS: Create static version of public_key_verify_signature, Eric Snowberg
- Re: [PATCH v8 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
[PATCH v30 15/28] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v30 13/28] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
[PATCH v30 12/28] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
[PATCH v30 11/28] LSM: Use lsmblob in security_task_getsecid, Casey Schaufler
[PATCH 0/2] selftests: tpm2: Probe for available PCR bank, Stefan Berger
- [PATCH 1/2] selftests: tpm: Probe for available PCR bank, Stefan Berger
  - Re: [PATCH 1/2] selftests: tpm: Probe for available PCR bank, Marc-André Lureau
  - Re: [PATCH 1/2] selftests: tpm: Probe for available PCR bank, Jarkko Sakkinen
- [PATCH 2/2] selftests: tpm2: Reset the dictionary attack lock, Stefan Berger
  - Re: [PATCH 2/2] selftests: tpm2: Reset the dictionary attack lock, Marc-André Lureau
[PATCH v7 00/17] Enroll kernel keys thru MOK, Eric Snowberg
- [PATCH v7 05/17] KEYS: CA link restriction, Eric Snowberg
- [PATCH v7 12/17] KEYS: integrity: change link restriction to trust the machine keyring, Eric Snowberg
  - Re: [PATCH v7 12/17] KEYS: integrity: change link restriction to trust the machine keyring, Mimi Zohar
- [PATCH v7 04/17] X.509: Parse Basic Constraints for CA, Eric Snowberg
  - Re: [PATCH v7 04/17] X.509: Parse Basic Constraints for CA, Mimi Zohar
    - Re: [PATCH v7 04/17] X.509: Parse Basic Constraints for CA, Eric Snowberg
- [PATCH v7 01/17] integrity: Introduce a Linux keyring called machine, Eric Snowberg
  - Re: [PATCH v7 01/17] integrity: Introduce a Linux keyring called machine, Mimi Zohar
- [PATCH v7 06/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Eric Snowberg
  - Re: [PATCH v7 06/17] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, kernel test robot
- [PATCH v7 02/17] integrity: Do not allow machine keyring updates following init, Eric Snowberg
  - Re: [PATCH v7 02/17] integrity: Do not allow machine keyring updates following init, Mimi Zohar
- [PATCH v7 07/17] integrity: Fix warning about missing prototypes, Eric Snowberg
  - Re: [PATCH v7 07/17] integrity: Fix warning about missing prototypes, Mimi Zohar
- [PATCH v7 13/17] KEYS: link secondary_trusted_keys to machine trusted keys, Eric Snowberg
  - Re: [PATCH v7 13/17] KEYS: link secondary_trusted_keys to machine trusted keys, Mimi Zohar
    - Re: [PATCH v7 13/17] KEYS: link secondary_trusted_keys to machine trusted keys, Eric Snowberg
- [PATCH v7 15/17] efi/mokvar: move up init order, Eric Snowberg
- [PATCH v7 14/17] integrity: store reference to machine keyring, Eric Snowberg
- [PATCH v7 16/17] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
- [PATCH v7 10/17] KEYS: add a reference to machine keyring, Eric Snowberg
- [PATCH v7 11/17] KEYS: Introduce link restriction for machine keys, Eric Snowberg
  - Re: [PATCH v7 11/17] KEYS: Introduce link restriction for machine keys, Mimi Zohar
    - Re: [PATCH v7 11/17] KEYS: Introduce link restriction for machine keys, Eric Snowberg
- [PATCH v7 17/17] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true, Eric Snowberg
- [PATCH v7 09/17] KEYS: Rename get_builtin_and_secondary_restriction, Eric Snowberg
  - Re: [PATCH v7 09/17] KEYS: Rename get_builtin_and_secondary_restriction, Mimi Zohar
- [PATCH v7 08/17] integrity: add new keyring handler for mok keys, Eric Snowberg
  - Re: [PATCH v7 08/17] integrity: add new keyring handler for mok keys, Mimi Zohar
- [PATCH v7 03/17] KEYS: Create static version of public_key_verify_signature, Eric Snowberg
  - Re: [PATCH v7 03/17] KEYS: Create static version of public_key_verify_signature, Mimi Zohar
    - Re: [PATCH v7 03/17] KEYS: Create static version of public_key_verify_signature, Mimi Zohar
- Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
  - Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Konrad Rzeszutek Wilk
    - Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
      - Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Konrad Rzeszutek Wilk
        
        Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
        
        Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
        
        Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Konrad Rzeszutek Wilk
        
        Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Eric Snowberg
        
        Re: [PATCH v7 00/17] Enroll kernel keys thru MOK, Jarkko Sakkinen
[PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v17 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
- [PATCH v17 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
- [PATCH v17 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
- Re: [PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- Re: [PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Florian Weimer
  - Re: [PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
    - Re: [PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Mimi Zohar
- Re: [PATCH v17 0/3] Add trusted_for(2) (was O_MAYEXEC), Kees Cook
[PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Uwe Kleine-König
- Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Jarkko Sakkinen
  - Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Uwe Kleine-König
    - Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Jarkko Sakkinen
      - Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Uwe Kleine-König
        
        Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Uwe Kleine-König
        
        Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Uwe Kleine-König
        
        Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Jarkko Sakkinen
        
        [PATCH] char: tpm: cr50_i2c: Suppress duplicated error message in .remove(), Uwe Kleine-König
        
        Re: [PATCH] char: tpm: cr50_i2c: Suppress duplicated error message in .remove(), Jarkko Sakkinen
        
        Re: [PATCH] char: tpm: cr50_i2c: Suppress duplicated error message in .remove(), Jarkko Sakkinen
        
        Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Jason Gunthorpe
        
        Re: [PATCH] char: tpm: cr50_i2c: Drop if with an always false condition, Jarkko Sakkinen
[RFC][PATCH 0/5] shmem/fsverity: Prepare for mandatory integrity enforcement, Roberto Sassu
- [RFC][PATCH 1/5] fsverity: Introduce fsverity_get_file_digest(), Roberto Sassu
- [RFC][PATCH 2/5] fsverity: Revalidate built-in signatures at file open, Roberto Sassu
  - Re: [RFC][PATCH 2/5] fsverity: Revalidate built-in signatures at file open, Eric Biggers
    - RE: [RFC][PATCH 2/5] fsverity: Revalidate built-in signatures at file open, Roberto Sassu
- [RFC][PATCH 3/5] fsverity: Do initialization earlier, Roberto Sassu
- [RFC][PATCH 4/5] shmem: Avoid segfault in shmem_read_mapping_page_gfp(), Roberto Sassu
  - Re: [RFC][PATCH 4/5] shmem: Avoid segfault in shmem_read_mapping_page_gfp(), Ajay Garg
    - RE: [RFC][PATCH 4/5] shmem: Avoid segfault in shmem_read_mapping_page_gfp(), Roberto Sassu
  - Re: [RFC][PATCH 4/5] shmem: Avoid segfault in shmem_read_mapping_page_gfp(), Eric Biggers
    - RE: [RFC][PATCH 4/5] shmem: Avoid segfault in shmem_read_mapping_page_gfp(), Roberto Sassu
- [RFC][PATCH 5/5] shmem: Add fsverity support, Roberto Sassu
  - Re: [RFC][PATCH 5/5] shmem: Add fsverity support, Eric Biggers
    - RE: [RFC][PATCH 5/5] shmem: Add fsverity support, Roberto Sassu
      - Re: [RFC][PATCH 5/5] shmem: Add fsverity support, Eric Biggers
        
        RE: [RFC][PATCH 5/5] shmem: Add fsverity support, Roberto Sassu
[PATCH v4 0/2] integrity: support including firmware ".platform" keys at build time, Nayna Jain
- [PATCH v4 1/2] certs: export load_certificate_list() to be used outside certs/, Nayna Jain
- [PATCH v4 2/2] integrity: support including firmware ".platform" keys at build time, Nayna Jain
  - Re: [PATCH v4 2/2] integrity: support including firmware ".platform" keys at build time, Mimi Zohar
[PATCH v16 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
  - Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Alejandro Colomar (man-pages)
    - Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
      - Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Alejandro Colomar (man-pages)
        
        Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
        
        Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Geert Uytterhoeven
        
        Re: [PATCH v16 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Alejandro Colomar (man-pages)
- [PATCH v16 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
- [PATCH v16 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
[RFC PATCH] ima: differentiate overlay, pivot_root, and other pathnames, Mimi Zohar
- <Possible follow-ups>
- Re: [RFC PATCH] ima: differentiate overlay, pivot_root, and other pathnames, Mimi Zohar
[PATCH] tpm_tis: Fix an error handling path in 'tpm_tis_core_init()', Christophe JAILLET
- Re: [PATCH] tpm_tis: Fix an error handling path in 'tpm_tis_core_init()', Jarkko Sakkinen
[PATCH 0/2] Additional appended signature cleanup, Michal Suchanek
- [PATCH 2/2] module: Move duplicate mod_check_sig users code to mod_parse_sig, Michal Suchanek
- [PATCH 1/2] module: Use key_being_used_for for log messages in verify_appended_signature, Michal Suchanek
ima-evm-utils: version 1.4 released, Mimi Zohar
- Re: ima-evm-utils: version 1.4 released, Petr Vorel
  - Re: ima-evm-utils: version 1.4 released, Lakshmi Ramasubramanian
    - Re: ima-evm-utils: version 1.4 released, Mimi Zohar
      - Re: ima-evm-utils: version 1.4 released, Petr Vorel
        
        Re: ima-evm-utils: version 1.4 released, Mimi Zohar
        
        Re: ima-evm-utils: version 1.4 released, Petr Vorel
        
        Re: ima-evm-utils: version 1.4 released, Mimi Zohar
        
        Re: ima-evm-utils: version 1.4 released, Petr Vorel
    - Re: ima-evm-utils: version 1.4 released, Petr Vorel
    - Re: ima-evm-utils: version 1.4 released, Ken Goldman
      - Re: ima-evm-utils: version 1.4 released, Lakshmi Ramasubramanian
        
        Re: ima-evm-utils: version 1.4 released, Mimi Zohar
[PATCH RFC] integrity: disassociate ima_filter_rule from security_audit_rule, Casey Schaufler
- Re: [PATCH RFC] integrity: disassociate ima_filter_rule from security_audit_rule, Mimi Zohar
Disassociating ima_filter_rule* from security_audit_rule*, Casey Schaufler
- Re: Disassociating ima_filter_rule* from security_audit_rule*, Paul Moore
[PATCH v19 0/5] Add tpm i2c ptp driver, amirmizi6
- [PATCH v19 2/5] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
  - Re: [PATCH v19 2/5] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", Jarkko Sakkinen
- [PATCH v19 5/5] tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
- [PATCH v19 3/5] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, amirmizi6
  - Re: [PATCH v19 3/5] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, Jarkko Sakkinen
  - Re: [PATCH v19 3/5] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, Jarkko Sakkinen
- [PATCH v19 4/5] tpm: tpm_tis: Add tpm_tis_i2c driver, amirmizi6
  - Re: [PATCH v19 4/5] tpm: tpm_tis: Add tpm_tis_i2c driver, Jarkko Sakkinen
  - Re: [PATCH v19 4/5] tpm: tpm_tis: Add tpm_tis_i2c driver, Joel Stanley
- [PATCH v19 1/5] tpm_tis: Fix expected bit handling, amirmizi6
RE: [RFC PATCH v7 14/16] scripts: add boot policy generation program, Roberto Sassu
- RE: [RFC PATCH v7 14/16] scripts: add boot policy generation program, Roberto Sassu
  - Re: [RFC PATCH v7 14/16] scripts: add boot policy generation program, Deven Bowers
RE: [RFC PATCH v7 04/16] ipe: add userspace interface, Roberto Sassu
- Re: [RFC PATCH v7 04/16] ipe: add userspace interface, Deven Bowers
[PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io, Mimi Zohar
- Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io, Vitaly Chikunov
  - Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io, Mimi Zohar
    - Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io, Mimi Zohar
    - Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io, Vitaly Chikunov
[PATCH v18 0/6] Add tpm i2c ptp driver, amirmizi6
- [PATCH v18 4/6] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, amirmizi6
  - Re: [PATCH v18 4/6] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, Jarkko Sakkinen
- [PATCH v18 3/6] tpm: Handle an exception for TPM Firmware Update mode., amirmizi6
  - Re: [PATCH v18 3/6] tpm: Handle an exception for TPM Firmware Update mode., Jarkko Sakkinen
- [PATCH v18 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
- [PATCH v18 5/6] tpm: tpm_tis: Add tpm_tis_i2c driver, amirmizi6
  - Re: [PATCH v18 5/6] tpm: tpm_tis: Add tpm_tis_i2c driver, Jarkko Sakkinen
- [PATCH v18 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, amirmizi6
  - Re: [PATCH v18 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Jarkko Sakkinen
- [PATCH v18 6/6] tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
[GIT PULL] integrity subsystem updates for v5.16, Mimi Zohar
- Re: [GIT PULL] integrity subsystem updates for v5.16, pr-tracker-bot
[PATCH RESEND] KEYS: trusted: Fix trusted key backends when building as module, andreas
- Re: [PATCH RESEND] KEYS: trusted: Fix trusted key backends when building as module, Ahmad Fatoum
IMA testsuite?, Casey Schaufler
- Re: IMA testsuite?, Mimi Zohar
[PATCH v2] tpm: tpm_tis_spi_cr50: Add default RNG quality, AngeloGioacchino Del Regno
- Re: [PATCH v2] tpm: tpm_tis_spi_cr50: Add default RNG quality, Jarkko Sakkinen
  - Re: [PATCH v2] tpm: tpm_tis_spi_cr50: Add default RNG quality, Jarkko Sakkinen
[PATCH] evm: mark evm_fixmode as __ro_after_init, Austin Kim
- Re: [PATCH] evm: mark evm_fixmode as __ro_after_init, Mimi Zohar
[RESEND PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, AngeloGioacchino Del Regno
[PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, AngeloGioacchino Del Regno
- Re: [PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, Jarkko Sakkinen
  - Re: [PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, AngeloGioacchino Del Regno
    - Re: [PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, Jarkko Sakkinen
      - Re: [PATCH] tpm: tpm_tis_spi_cr50: Add default RNG quality, AngeloGioacchino Del Regno
[PATCH] ima/evm: mark evm_fixmode as __ro_after_init, Austin Kim
- Re: [PATCH] ima/evm: mark evm_fixmode as __ro_after_init, Mimi Zohar
  - Re: [PATCH] ima/evm: mark evm_fixmode as __ro_after_init, Austin Kim
[PATCH v3 0/2] use SM3 instead of SM3_256, Tianjia Zhang
- [PATCH v3 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
  - Re: [PATCH v3 1/2] crypto: use SM3 instead of SM3_256, Jarkko Sakkinen
- [PATCH v3 2/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
  - Re: [PATCH v3 2/2] tpm: use SM3 instead of SM3_256, James Bottomley
- Re: [PATCH v3 0/2] use SM3 instead of SM3_256, Ard Biesheuvel
  - Re: [PATCH v3 0/2] use SM3 instead of SM3_256, James Bottomley
  - Re: [PATCH v3 0/2] use SM3 instead of SM3_256, Tianjia Zhang
[PATCH ima-evm-utils 1/2] switch to using crun for podman, Mimi Zohar
- [PATCH ima-evm-utils 2/2] upgrade to glibc-2.34 uses clone3 causing CI to fail, Mimi Zohar
  - Re: [PATCH ima-evm-utils 2/2] upgrade to glibc-2.34 uses clone3 causing CI to fail, Vitaly Chikunov
    - Re: [PATCH ima-evm-utils 2/2] upgrade to glibc-2.34 uses clone3 causing CI to fail, Petr Vorel
    - Re: [PATCH ima-evm-utils 2/2] upgrade to glibc-2.34 uses clone3 causing CI to fail, Dmitry V. Levin
- Re: [PATCH ima-evm-utils 1/2] switch to using crun for podman, Petr Vorel
  - Re: [PATCH ima-evm-utils 1/2] switch to using crun for podman, Mimi Zohar
[GIT PULL] TPM DEVICE DRIVER changes for v5.16, Jarkko Sakkinen
- Re: [GIT PULL] TPM DEVICE DRIVER changes for v5.16, pr-tracker-bot
RE: [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE), Roberto Sassu
- Re: [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE), Deven Bowers
  - RE: [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE), Roberto Sassu
    - Re: [RFC PATCH v7 00/16] Integrity Policy Enforcement (IPE), Deven Bowers
[PATCH v17 0/6] Add tpm i2c ptp driver, amirmizi6
- [PATCH v17 3/6] tpm: Handle an exception for TPM Firmware Update mode., amirmizi6
- [PATCH v17 6/6] tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
- [PATCH v17 5/6] tpm: tpm_tis: Add tpm_tis_i2c driver, amirmizi6
  - Re: [PATCH v17 5/6] tpm: tpm_tis: Add tpm_tis_i2c driver, Randy Dunlap
- [PATCH v17 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, amirmizi6
  - Re: [PATCH v17 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Jarkko Sakkinen
- [PATCH v17 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
  - Re: [PATCH v17 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", Jarkko Sakkinen
- [PATCH v17 4/6] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, amirmizi6
  - Re: [PATCH v17 4/6] tpm: tpm_tis: Verify TPM_STS register is valid after locality request, Jarkko Sakkinen
RE: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature, Roberto Sassu
- Re: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature, Deven Bowers
  - RE: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature, Roberto Sassu
- <Possible follow-ups>
- RE: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature, Roberto Sassu
  - Re: [RFC PATCH v7 12/16] fsverity|security: add security hooks to fsverity digest and signature, Deven Bowers
[PATCH v16 0/6] Add tpm i2c ptp driver, amirmizi6
- [PATCH v16 3/6] tpm: Handle an exception for TPM Firmware Update mode., amirmizi6
- [PATCH v16 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
  - Re: [PATCH v16 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", Jarkko Sakkinen
- [PATCH v16 4/6] tpm: tpm_tis: verify TPM_STS register is valid after locality request, amirmizi6
- [PATCH v16 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, amirmizi6
  - Re: [PATCH v16 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Jarkko Sakkinen
- [PATCH v16 5/6] tpm: tpm_tis: add tpm_tis_i2c driver, amirmizi6
- [PATCH v16 6/6] tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
[PATCH v2 0/2] use SM3 instead of SM3_256, Tianjia Zhang
- [PATCH v2 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
  - Re: [PATCH v2 1/2] crypto: use SM3 instead of SM3_256, Jarkko Sakkinen
    - Re: [PATCH v2 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
- [PATCH v2 2/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
[PATCH v1 1/3] ima: define ima_trusted_for hook, Mimi Zohar
- [PATCH v1 3/3] security: define a trusted_for hook, Mimi Zohar
- [PATCH v1 2/3] fs: extend the trusted_for syscall to call IMA, Mimi Zohar
[PATCH 1/2] ima: define ima_trusted_for hook, Mimi Zohar
- [PATCH 2/2] fs: extend the trusted_for syscall to call IMA, Mimi Zohar
  - Re: [PATCH 2/2] fs: extend the trusted_for syscall to call IMA, Mickaël Salaün
    - Re: [PATCH 2/2] fs: extend the trusted_for syscall to call IMA, Mimi Zohar
      - Re: [PATCH 2/2] fs: extend the trusted_for syscall to call IMA, Casey Schaufler
- Re: [PATCH 1/2] ima: define ima_trusted_for hook, Mimi Zohar
[PATCH] tpm/st33zp24: drop unneeded over-commenting, Sohaib Mohamed
- Re: [PATCH] tpm/st33zp24: drop unneeded over-commenting, Jarkko Sakkinen
- Re: [PATCH] tpm/st33zp24: drop unneeded over-commenting, Jarkko Sakkinen
[PATCH v15 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v15 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
- [PATCH v15 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
  - Message not available
    - Re: [fs] a0918006f9: netperf.Throughput_tps -11.6% regression, Kees Cook
      - Re: [fs] a0918006f9: netperf.Throughput_tps -11.6% regression, Yin Fengwei
      - Re: [fs] a0918006f9: netperf.Throughput_tps -11.6% regression, Mickaël Salaün
        
        Re: [fs] a0918006f9: netperf.Throughput_tps -11.6% regression, Yin Fengwei
      - Re: [fs] a0918006f9: netperf.Throughput_tps -11.6% regression, Yin Fengwei
- [PATCH v15 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
[PATCH v2 00/20] Make some spi device drivers return zero in .remove(), Uwe Kleine-König
- [PATCH v2 20/20] tpm: st33zp24: Make st33zp24_remove() return void, Uwe Kleine-König
[PATCH v2 1/1] tpm: add request_locality before write TPM_INT_ENABLE, Chen Jun
- Re: [PATCH v2 1/1] tpm: add request_locality before write TPM_INT_ENABLE, Jarkko Sakkinen
- <Possible follow-ups>
- [PATCH v2 1/1] tpm: add request_locality before write TPM_INT_ENABLE, Chen Jun
  - Re: [PATCH v2 1/1] tpm: add request_locality before write TPM_INT_ENABLE, Jarkko Sakkinen
  - Re: [PATCH v2 1/1] tpm: add request_locality before write TPM_INT_ENABLE, Jarkko Sakkinen
[PATCH v2] tpm: ibmvtpm: Make use of dma_alloc_noncoherent(), Cai Huoqing
- Re: [PATCH v2] tpm: ibmvtpm: Make use of dma_alloc_noncoherent(), kernel test robot
[PATCH 13/13] tpm: st33zp24: Make st33zp24_remove() return void, Uwe Kleine-König
- Re: [PATCH 13/13] tpm: st33zp24: Make st33zp24_remove() return void, Jarkko Sakkinen
  - Re: [PATCH 13/13] tpm: st33zp24: Make st33zp24_remove() return void, Uwe Kleine-König
    - Re: [PATCH 13/13] tpm: st33zp24: Make st33zp24_remove() return void, Jarkko Sakkinen
[PATCH v4 0/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Ahmad Fatoum
- [PATCH v4 3/5] KEYS: trusted: allow trust sources to use kernel RNG for key material, Ahmad Fatoum
- [PATCH v4 1/5] KEYS: trusted: allow use of TEE as backend without TCG_TPM support, Ahmad Fatoum
  - Re: [PATCH v4 1/5] KEYS: trusted: allow use of TEE as backend without TCG_TPM support, Jarkko Sakkinen
- [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material, Ahmad Fatoum
  - Re: [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material, Jarkko Sakkinen
    - Re: [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material, Ahmad Fatoum
  - RE: [EXT] [PATCH v4 2/5] KEYS: trusted: allow users to use kernel RNG for key material, Pankaj Gupta
- [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Ahmad Fatoum
  - Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Ahmad Fatoum
  - Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Matthias Schiffer
    - Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Ahmad Fatoum
      - Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Matthias Schiffer
        
        RE: [EXT] Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Pankaj Gupta
        
        Re: [EXT] Re: [PATCH v4 5/5] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys, Ahmad Fatoum
- [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Ahmad Fatoum
  - Re: [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Ahmad Fatoum
    - Re: [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Ahmad Fatoum
  - Re: [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Jarkko Sakkinen
    - Re: [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Ahmad Fatoum
  - RE: [EXT] [PATCH v4 4/5] crypto: caam - add in-kernel interface for blob generator, Pankaj Gupta (OSS)
[PATCH] tpm: ibmvtpm: Make use of dma_alloc_coherent(), Cai Huoqing
- Re: [PATCH] tpm: ibmvtpm: Make use of dma_alloc_coherent(), Jarkko Sakkinen
  - Re: [PATCH] tpm: ibmvtpm: Make use of dma_alloc_coherent(), Jason Gunthorpe
    - Re: [PATCH] tpm: ibmvtpm: Make use of dma_alloc_coherent(), Jarkko Sakkinen
      - RE: [PATCH] tpm: ibmvtpm: Make use of dma_alloc_coherent(), David Laight
[PATCH 0/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
- [PATCH 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
  - Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, James Bottomley
    - Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, Jarkko Sakkinen
      - Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, James Bottomley
        
        Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, Jarkko Sakkinen
        
        Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
    - Re: [PATCH 1/2] crypto: use SM3 instead of SM3_256, Tianjia Zhang
- [PATCH 2/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
  - Re: [PATCH 2/2] tpm: use SM3 instead of SM3_256, Jarkko Sakkinen
    - Re: [PATCH 2/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
      - Re: [PATCH 2/2] tpm: use SM3 instead of SM3_256, Jarkko Sakkinen
        
        Re: [PATCH 2/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
        
        Re: [PATCH 2/2] tpm: use SM3 instead of SM3_256, Jarkko Sakkinen
- Re: [PATCH 0/2] tpm: use SM3 instead of SM3_256, James Bottomley
  - Re: [PATCH 0/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
    - Re: [PATCH 0/2] tpm: use SM3 instead of SM3_256, Ken Goldman
      - Re: [PATCH 0/2] tpm: use SM3 instead of SM3_256, Tianjia Zhang
[PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v14 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
  - Re: [PATCH v14 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Florian Weimer
    - Re: [PATCH v14 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
    - Re: [PATCH v14 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mimi Zohar
- [PATCH v14 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
- [PATCH v14 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
  - Re: [PATCH v14 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Kees Cook
- Re: [PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC), Kees Cook
- Re: [PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC), Andrew Morton
  - Re: [PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
    - Re: [PATCH v14 0/3] Add trusted_for(2) (was O_MAYEXEC), Andrew Morton
[PATCH v6 0/2] IMA checkpatch fixes, Petr Vorel
- [PATCH v6 1/2] ima_policy: Remove duplicate 'the' in docs comment, Petr Vorel
- [PATCH v6 2/2] ima: Use strscpy instead of strlcpy, Petr Vorel
- Re: [PATCH v6 0/2] IMA checkpatch fixes, Petr Vorel
- Re: [PATCH v6 0/2] IMA checkpatch fixes, Mimi Zohar
  - Re: [PATCH v6 0/2] IMA checkpatch fixes, Petr Vorel
  - Re: [PATCH v6 0/2] IMA checkpatch fixes, Alex Henrie
[PATCH] tpm/st33zp24: Fix typo in st33zp24.c, Sohaib Mohamed
- Re: [PATCH] tpm/st33zp24: Fix typo in st33zp24.c, Jarkko Sakkinen
[PATCH v3 1/2] ima: fix uid code style problems, Alex Henrie
- [PATCH v3 2/2] ima: add gid support, Alex Henrie
  - Re: [PATCH v3 2/2] ima: add gid support, Petr Vorel
- Re: [PATCH v3 1/2] ima: fix uid code style problems, Petr Vorel
[PATCH v13 0/3] Add trusted_for(2) (was O_MAYEXEC), Mickaël Salaün
- [PATCH v13 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
  - Re: [PATCH v13 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Kees Cook
    - Re: [PATCH v13 1/3] fs: Add trusted_for(2) syscall implementation and related sysctl, Mickaël Salaün
- [PATCH v13 2/3] arch: Wire up trusted_for(2), Mickaël Salaün
  - Re: [PATCH v13 2/3] arch: Wire up trusted_for(2), Kees Cook
- [PATCH v13 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
  - Re: [PATCH v13 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Kees Cook
    - Re: [PATCH v13 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Mickaël Salaün
      - Re: [PATCH v13 3/3] selftest/interpreter: Add tests for trusted_for(2) policies, Kees Cook
[PATCH v8 0/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
- [PATCH v8 1/3] IMA: Move check_policy_writable() to ima_setup.sh and rename it, Petr Vorel
- [PATCH v8 2/3] IMA: Move ima_check to ima_setup.sh, Petr Vorel
- [PATCH v8 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
- Re: [PATCH v8 0/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
[PATCH] IMA: make runtime measurement list pollable, Daiki Ueno
- Re: [PATCH] IMA: make runtime measurement list pollable, Mimi Zohar
  - Re: [PATCH] IMA: make runtime measurement list pollable, Daiki Ueno
- [PATCH v2] IMA: make runtime measurement list pollable, Daiki Ueno
[PATCH v2] ima: add gid support, Alex Henrie
- Re: [PATCH v2] ima: add gid support, Mimi Zohar
  - Re: [PATCH v2] ima: add gid support, Petr Vorel
  - Re: [PATCH v2] ima: add gid support, Alex Henrie
[PATCH v3] integrity: support including firmware ".platform" keys at build time, Nayna Jain
- Re: [PATCH v3] integrity: support including firmware ".platform" keys at build time, Nayna
  - Re: [PATCH v3] integrity: support including firmware ".platform" keys at build time, Mimi Zohar
- Re: [PATCH v3] integrity: support including firmware ".platform" keys at build time, Dimitri John Ledkov
  - Re: [PATCH v3] integrity: support including firmware ".platform" keys at build time, Nayna
[PATCH v6] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Borys Movchan
- Re: [PATCH v6] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Jarkko Sakkinen
  - Re: [PATCH v6] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Jarkko Sakkinen
  - [PATCH v6] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Axel Jonsson
  - [PATCH v7] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Axel Jonsson
    - Re: [PATCH v7] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Jarkko Sakkinen
      - Re: [PATCH v7] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Axel Jonsson
      - [PATCH v8] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Axel Jonsson
        
        Re: [PATCH v8] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Jarkko Sakkinen
- Re: [PATCH v6] tpm: Add Upgrade/Reduced mode support for TPM2 modules, Borys Movchan
DIGLIM demo, Roberto Sassu
[RFC][PATCH 0/7] ima: Measure and appraise files with DIGLIM, Roberto Sassu
- [RFC][PATCH 1/7] integrity: Change type of IMA rule-related flags to u64, Roberto Sassu
- [RFC][PATCH 2/7] ima: Introduce new policy keyword use_diglim, Roberto Sassu
- [RFC][PATCH 3/7] ima: Introduce diglim and appraise_diglim policies, Roberto Sassu
- [RFC][PATCH 4/7] ima: Query file digest and retrieve info from its digest lists, Roberto Sassu
- [RFC][PATCH 5/7] ima: Query metadata digest and retrieve info from its digest lists, Roberto Sassu
- [RFC][PATCH 6/7] ima: Skip measurement of files found in DIGLIM hash table, Roberto Sassu
- [RFC][PATCH 7/7] ima: Add support for appraisal with digest lists, Roberto Sassu
[PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Lino Sanfilippo
- Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
  - Aw: Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Lino Sanfilippo
- Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
  - Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Lino Sanfilippo
    - Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
      - Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Florian Fainelli
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Florian Fainelli
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Florian Fainelli
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Mark Brown
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Florian Fainelli
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Lino Sanfilippo
        
        Re: [PATCH] spi: bcm2835: do not unregister controller in shutdown handler, Jason Gunthorpe
[PATCH v29 15/28] LSM: Ensure the correct LSM context releaser, Casey Schaufler
[PATCH v29 13/28] IMA: Change internal interfaces to use lsmblobs, Casey Schaufler
[PATCH v29 12/28] LSM: Use lsmblob in security_cred_getsecid, Casey Schaufler
[PATCH v29 11/28] LSM: Use lsmblob in security_inode_getsecid, Casey Schaufler
[PATCH v29 10/28] LSM: Use lsmblob in security_task_getsecid, Casey Schaufler
[PATCH v29 05/28] LSM: Use lsmblob in security_audit_rule_match, Casey Schaufler
[PATCH v2] tpm_tis_spi: Add missing SPI ID, Mark Brown
- Re: [PATCH v2] tpm_tis_spi: Add missing SPI ID, Jarkko Sakkinen
[bug report] tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy), Dan Carpenter
[PATCH] tpm_tis_spi: Add missing SPI ID, Mark Brown
- Re: [PATCH] tpm_tis_spi: Add missing SPI ID, Jarkko Sakkinen
- Re: [PATCH] tpm_tis_spi: Add missing SPI ID, Javier Martinez Canillas
[PATCH ltp v7 1/3] IMA: Move check_policy_writable() to ima_setup.sh and rename it, Alex Henrie
- [PATCH ltp v7 2/3] IMA: Move ima_check to ima_setup.sh, Alex Henrie
- [PATCH ltp v7 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
[PATCH v6 0/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
- [PATCH v6 1/3] IMA: Move check_policy_writable() to ima_setup.sh and rename it, Petr Vorel
- [PATCH v6 2/3] IMA: Move ima_check to ima_setup.sh, Petr Vorel
- [PATCH v6 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
  - Re: [PATCH v6 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
    - Re: [PATCH v6 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
[PATCH ltp v5 1/3] IMA: Move check_policy_writable to ima_setup.sh and rename it, Alex Henrie
- [PATCH ltp v5 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
- [PATCH ltp v5 2/3] IMA: Move ima_check to ima_setup.sh, Alex Henrie
  - Re: [PATCH ltp v5 2/3] IMA: Move ima_check to ima_setup.sh, Petr Vorel
[PATCH ltp v4 1/3] IMA: Move check_policy_writable to ima_setup.sh and rename it, Alex Henrie
- [PATCH ltp v4 2/3] IMA: Move ima_check to ima_setup.sh, Alex Henrie
- [PATCH ltp v4 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
  - Re: [PATCH ltp v4 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
[PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Morten Linderud
- Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Jarkko Sakkinen
  - Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Morten Linderud
- Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Jarkko Sakkinen
  - Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Morten Linderud
    - Re: [PATCH] tpm/eventlog: Don't abort tpm_read_log on faulty ACPI config, Jarkko Sakkinen
[PATCH v2] integrity: support including firmware ".platform" keys at build time, Nayna Jain
- Re: [PATCH v2] integrity: support including firmware ".platform" keys at build time, Jarkko Sakkinen
  - Re: [PATCH v2] integrity: support including firmware ".platform" keys at build time, Nayna
[RFC][PATCH 0/9] integrity: Introduce DIGLIM advanced features, Roberto Sassu
- [RFC][PATCH 2/9] diglim: Loader, Roberto Sassu
- [RFC][PATCH 5/9] diglim: Compact digest list generator, Roberto Sassu
- [RFC][PATCH 6/9] diglim: RPM digest list generator, Roberto Sassu
- [RFC][PATCH 7/9] diglim: Digest list uploader, Roberto Sassu
- [RFC][PATCH 8/9] diglim: RPM parser, Roberto Sassu
- [RFC][PATCH 9/9] diglim: Admin guide, Roberto Sassu
- [RFC][PATCH 1/9] ima: Introduce new hook DIGEST_LIST_CHECK, Roberto Sassu
- [RFC][PATCH 4/9] diglim: Tests - LSM, Roberto Sassu
- [RFC][PATCH 3/9] diglim: LSM, Roberto Sassu
[zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):, kernel test robot
- Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):, liqiong
  - Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):, Mimi Zohar
    - Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):, liqiong
[PATCH v6 00/13] Enroll kernel keys thru MOK, Eric Snowberg
- [PATCH v6 01/13] integrity: Introduce a Linux keyring called machine, Eric Snowberg
- [PATCH v6 07/13] KEYS: add a reference to machine keyring, Eric Snowberg
- [PATCH v6 03/13] KEYS: CA link restriction, Eric Snowberg
  - Re: [PATCH v6 03/13] KEYS: CA link restriction, kernel test robot
  - Re: [PATCH v6 03/13] KEYS: CA link restriction, kernel test robot
  - Re: [PATCH v6 03/13] KEYS: CA link restriction, Nayna
- [PATCH v6 02/13] integrity: Do not allow machine keyring updates following init, Eric Snowberg
- [PATCH v6 05/13] integrity: add new keyring handler for mok keys, Eric Snowberg
  - Re: [PATCH v6 05/13] integrity: add new keyring handler for mok keys, kernel test robot
- [PATCH v6 08/13] KEYS: Introduce link restriction for machine keys, Eric Snowberg
- [PATCH v6 12/13] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
  - Re: [PATCH v6 12/13] integrity: Trust MOK keys if MokListTrustedRT found, Peter Jones
    - Re: [PATCH v6 12/13] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
      - Re: [PATCH v6 12/13] integrity: Trust MOK keys if MokListTrustedRT found, Peter Jones
        
        Re: [PATCH v6 12/13] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
- [PATCH v6 04/13] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Eric Snowberg
- [PATCH v6 13/13] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true, Eric Snowberg
- [PATCH v6 06/13] KEYS: Rename get_builtin_and_secondary_restriction, Eric Snowberg
- [PATCH v6 10/13] KEYS: link secondary_trusted_keys to machine trusted keys, Eric Snowberg
- [PATCH v6 11/13] integrity: store reference to machine keyring, Eric Snowberg
- [PATCH v6 09/13] KEYS: integrity: change link restriction to trust the machine keyring, Eric Snowberg
- Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Jarkko Sakkinen
  - Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Eric Snowberg
    - Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Jarkko Sakkinen
      - Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Peter Jones
        
        Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Eric Snowberg
        
        Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Jarkko Sakkinen
- Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Nayna
  - Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Eric Snowberg
    - Re: [PATCH v6 00/13] Enroll kernel keys thru MOK, Mimi Zohar
[PATCH v3 00/13] integrity: Introduce DIGLIM, Roberto Sassu
- [PATCH v3 01/13] diglim: Overview, Roberto Sassu
  - Re: [PATCH v3 01/13] diglim: Overview, Jarkko Sakkinen
    - RE: [PATCH v3 01/13] diglim: Overview, Roberto Sassu
- [PATCH v3 03/13] diglim: Objects, Roberto Sassu
- [PATCH v3 04/13] diglim: Methods, Roberto Sassu
- [PATCH v3 02/13] diglim: Basic definitions, Roberto Sassu
- [PATCH v3 05/13] diglim: Parser, Roberto Sassu
- [PATCH v3 06/13] diglim: IMA info, Roberto Sassu
- [PATCH v3 07/13] diglim: Interfaces - digest_list_add, digest_list_del, Roberto Sassu
- [PATCH v3 09/13] diglim: Interfaces - digest_list_label, Roberto Sassu
- [PATCH v3 08/13] diglim: Interfaces - digest_lists_loaded, Roberto Sassu
- [PATCH v3 10/13] diglim: Interfaces - digest_query, Roberto Sassu
- [PATCH v3 11/13] diglim: Interfaces - digests_count, Roberto Sassu
- [PATCH v3 12/13] diglim: Remote Attestation, Roberto Sassu
- [PATCH v3 13/13] diglim: Tests, Roberto Sassu
- RE: [PATCH v3 00/13] integrity: Introduce DIGLIM, Roberto Sassu
[PATCH ltp v3 1/2] IMA: Move check_policy_writable to ima_setup.sh and rename it, Alex Henrie
- [PATCH ltp v3 2/2] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
  - Re: [PATCH ltp v3 2/2] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
  - Re: [PATCH ltp v3 2/2] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
- Re: [PATCH ltp v3 1/2] IMA: Move check_policy_writable to ima_setup.sh and rename it, Petr Vorel
[PATCH v15 0/6] Add tpm i2c ptp driver, amirmizi6
- [PATCH v15 3/6] tpm: Handle an exception for TPM Firmware Update mode., amirmizi6
- [PATCH v15 4/6] tpm: tpm_tis: verify TPM_STS register is valid after locality request, amirmizi6
- [PATCH v15 2/6] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
- [PATCH v15 6/6] tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
  - Re: [PATCH v15 6/6] tpm: Add YAML schema for TPM TIS I2C options, Rob Herring
- [PATCH v15 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, amirmizi6
  - Re: [PATCH v15 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Jarkko Sakkinen
    - Re: [PATCH v15 1/6] tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Amir Mizinski
- [PATCH v15 5/6] tpm: tpm_tis: add tpm_tis_i2c driver, amirmizi6
[PATCH v4 0/9] ima-evm-utils: Add support for signing with pkcs11 URIs, Stefan Berger
- [PATCH v4 2/9] evmctl: Handle failure to initialize the openssl engine, Stefan Berger
- [PATCH v4 1/9] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable, Stefan Berger
- [PATCH v4 3/9] evmctl: Implement function for setting up an OpenSSL engine, Stefan Berger
- [PATCH v4 4/9] evmctl: Define and use an ENGINE field in libimaevm_params, Stefan Berger
- [PATCH v4 5/9] evmctl: use the pkcs11 engine for pkcs11: prefixed URIs, Stefan Berger
- [PATCH v4 6/9] libimaevm: Add support for pkcs11 private keys for signing a v2 hash, Stefan Berger
- [PATCH v4 7/9] tests: Import softhsm_setup script to enable pkcs11 test case, Stefan Berger
- [PATCH v4 9/9] tests: Get the packages for pkcs11 testing on the CI/CD system, Stefan Berger
- [PATCH v4 8/9] tests: Extend sign_verify test with pkcs11-specific test, Stefan Berger
- Re: [PATCH v4 0/9] ima-evm-utils: Add support for signing with pkcs11 URIs, Mimi Zohar
[PATCH v14 0/7] Add tpm i2c ptp driver, amirmizi6
- [PATCH v14 4/7] tpm: Handle an exception for TPM Firmware Update mode., amirmizi6
- [PATCH v14 5/7] tpm: tpm_tis: verify TPM_STS register is valid after locality request, amirmizi6
- [PATCH v14 6/7] tpm: tpm_tis: add tpm_tis_i2c driver, amirmizi6
- [PATCH v14 7/7] \tpm: Add YAML schema for TPM TIS I2C options, amirmizi6
- [PATCH v14 1/7] tpm: Make read{16, 32}() and write32() in tpm_tis_phy_ops optional, amirmizi6
  - Re: [PATCH v14 1/7] tpm: Make read{16, 32}() and write32() in tpm_tis_phy_ops optional, Jarkko Sakkinen
- [PATCH v14 3/7] tpm: tpm_tis: Rewrite "tpm_tis_req_canceled()", amirmizi6
- [PATCH v14 2/7] tpm: tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, amirmizi6
  - Re: [PATCH v14 2/7] tpm: tpm_tis: Fix expected bit handling and send all bytes in one shot without last byte in exception, Jarkko Sakkinen
[PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, Florian Eckert
- Re: [PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, Jason Gunthorpe
  - Re: [PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, Florian Eckert
    - Re: [PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, Jason Gunthorpe
- Re: [PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, kernel test robot
- Re: [PATCH v2 1/1] tpm/tpm_i2c_infineon: Fix init endian vendor check, Jarkko Sakkinen
[PATCH v6 0/1] NAX (No Anonymous Execution) LSM, Igor Zhbanov
- [PATCH v6 1/1] NAX LSM: Add initial support, Igor Zhbanov
[PATCH v7 ima-evm-utils 0/2] make default hash algorithm dynamic, Bruno Meneguele
- [PATCH v7 ima-evm-utils 1/2] set default hash algorithm in configuration time, Bruno Meneguele
  - Re: [PATCH v7 ima-evm-utils 1/2] set default hash algorithm in configuration time, Mimi Zohar
    - Re: [PATCH v7 ima-evm-utils 1/2] set default hash algorithm in configuration time, Bruno Meneguele
- [PATCH v7 ima-evm-utils 2/2] make SHA-256 the default hash algorithm, Bruno Meneguele
[PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Lino Sanfilippo
- Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Jarkko Sakkinen
  - Aw: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Lino Sanfilippo
    - Re: Aw: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Jarkko Sakkinen
      - Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Lino Sanfilippo
        
        Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Jason Gunthorpe
        
        Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Lino Sanfilippo
        
        Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Jason Gunthorpe
        
        Re: Re: [PATCH] tpm: fix potential NULL pointer access in tpm_del_char_device(), Lino Sanfilippo
[PATCH] integrity: support including firmware ".platform" keys at build time, Nayna Jain
- Re: [PATCH] integrity: support including firmware ".platform" keys at build time, kernel test robot
- Re: [PATCH] integrity: support including firmware ".platform" keys at build time, kernel test robot
- Re: [PATCH] integrity: support including firmware ".platform" keys at build time, kernel test robot
- Re: [PATCH] integrity: support including firmware ".platform" keys at build time, Jarkko Sakkinen
[PATCH ltp v2] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
- Re: [PATCH ltp v2] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
[PATCH linux rebase] ima: add gid support, Alex Henrie
- [PATCH ltp] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
  - Re: [PATCH ltp] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
    - Re: [PATCH ltp] IMA: Add tests for uid, gid, fowner, and fgroup options, Alex Henrie
      - Re: [PATCH ltp] IMA: Add tests for uid, gid, fowner, and fgroup options, Petr Vorel
- Re: [PATCH linux rebase] ima: add gid support, Mimi Zohar
[PATCH v3 0/9] ima-evm-utils: Add support for signing with pkcs11 URIs, Stefan Berger
- [PATCH v3 1/9] evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable, Stefan Berger
- [PATCH v3 2/9] evmctl: Handle failure to initialize the openssl engine, Stefan Berger
- [PATCH v3 5/9] evmctl: use the pkcs11 engine for pkcs11: prefixed URIs, Stefan Berger
- [PATCH v3 6/9] libimaevm: Add support for pkcs11 private keys for signing a v2 hash, Stefan Berger
- [PATCH v3 4/9] evmctl: Define and use an ENGINE field in libimaevm_params, Stefan Berger
- [PATCH v3 3/9] evmctl: Implement function for setting up an OpenSSL engine, Stefan Berger
  - Re: [PATCH v3 3/9] evmctl: Implement function for setting up an OpenSSL engine, Mimi Zohar
- [PATCH v3 9/9] tests: Get the packages for pkcs11 testing on the CI/CD system, Stefan Berger
  - Re: [PATCH v3 9/9] tests: Get the packages for pkcs11 testing on the CI/CD system, Mimi Zohar
- [PATCH v3 7/9] tests: Import softhsm_setup script to enable pkcs11 test case, Stefan Berger
  - Re: [PATCH v3 7/9] tests: Import softhsm_setup script to enable pkcs11 test case, Mimi Zohar
- [PATCH v3 8/9] tests: Extend sign_verify test with pkcs11-specific test, Stefan Berger
  - Re: [PATCH v3 8/9] tests: Extend sign_verify test with pkcs11-specific test, Mimi Zohar
- Re: [PATCH v3 0/9] ima-evm-utils: Add support for signing with pkcs11 URIs, Mimi Zohar
[PATCH] tpm/tpm_i2c_infineon: Fix init endian vendor check, Florian Eckert
- Re: [PATCH] tpm/tpm_i2c_infineon: Fix init endian vendor check, Jason Gunthorpe
  - Re: [PATCH] tpm/tpm_i2c_infineon: Fix init endian vendor check, Florian Eckert
[PATCH v6] tpm: fix Atmel TPM crash caused by too frequent queries, Hao Wu
- Re: [PATCH v6] tpm: fix Atmel TPM crash caused by too frequent queries, Hao Wu
- <Possible follow-ups>
- [PATCH v6] tpm: fix Atmel TPM crash caused by too frequent queries, Hao Wu
  - Re: [PATCH v6] tpm: fix Atmel TPM crash caused by too frequent queries, Jarkko Sakkinen
    - Re: [PATCH v6] tpm: fix Atmel TPM crash caused by too frequent queries, Hao Wu
[PATCH] tpm: Check for integer overflow in tpm2_map_response_body(), Dan Carpenter
- Re: [PATCH] tpm: Check for integer overflow in tpm2_map_response_body(), Jarkko Sakkinen
[PATCH v5 00/12] Enroll kernel keys thru MOK, Eric Snowberg
- [PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Eric Snowberg
  - Re: [PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Jarkko Sakkinen
  - Re: [PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Mimi Zohar
    - Re: [PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Eric Snowberg
      - Re: [PATCH v5 04/12] integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca, Mimi Zohar
- [PATCH v5 07/12] KEYS: Introduce link restriction to include builtin, secondary and machine keys, Eric Snowberg
  - Re: [PATCH v5 07/12] KEYS: Introduce link restriction to include builtin, secondary and machine keys, Mimi Zohar
    - Re: [PATCH v5 07/12] KEYS: Introduce link restriction to include builtin, secondary and machine keys, Eric Snowberg
      - Re: [PATCH v5 07/12] KEYS: Introduce link restriction to include builtin, secondary and machine keys, Mimi Zohar
- [PATCH v5 03/12] KEYS: CA link restriction, Eric Snowberg
- [PATCH v5 05/12] integrity: add new keyring handler for mok keys, Eric Snowberg
- [PATCH v5 10/12] integrity: store reference to machine keyring, Eric Snowberg
- [PATCH v5 08/12] KEYS: integrity: change link restriction to trust the machine keyring, Eric Snowberg
  - Re: [PATCH v5 08/12] KEYS: integrity: change link restriction to trust the machine keyring, Mimi Zohar
- [PATCH v5 01/12] integrity: Introduce a Linux keyring called machine, Eric Snowberg
  - Re: [PATCH v5 01/12] integrity: Introduce a Linux keyring called machine, Jarkko Sakkinen
  - Re: [PATCH v5 01/12] integrity: Introduce a Linux keyring called machine, Mimi Zohar
    - Re: [PATCH v5 01/12] integrity: Introduce a Linux keyring called machine, Eric Snowberg
- [PATCH v5 11/12] integrity: Trust MOK keys if MokListTrustedRT found, Eric Snowberg
- [PATCH v5 06/12] KEYS: add a reference to machine keyring, Eric Snowberg
- [PATCH v5 02/12] integrity: Do not allow machine keyring updates following init, Eric Snowberg
  - Re: [PATCH v5 02/12] integrity: Do not allow machine keyring updates following init, Jarkko Sakkinen
- [PATCH v5 09/12] KEYS: link secondary_trusted_keys to machine trusted keys, Eric Snowberg
- [PATCH v5 12/12] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true, Eric Snowberg
  - Re: [PATCH v5 12/12] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true, Jarkko Sakkinen
- Re: [PATCH v5 00/12] Enroll kernel keys thru MOK, Jarkko Sakkinen
  - Re: [PATCH v5 00/12] Enroll kernel keys thru MOK, Jarkko Sakkinen
    - Re: [PATCH v5 00/12] Enroll kernel keys thru MOK, Eric Snowberg
      - Re: [PATCH v5 00/12] Enroll kernel keys thru MOK, Mimi Zohar
  - Re: [PATCH v5 00/12] Enroll kernel keys thru MOK, Eric Snowberg
[PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Vitaly Chikunov
- Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Stefan Berger
  - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Vitaly Chikunov
    - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Stefan Berger
- Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Mimi Zohar
  - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Vitaly Chikunov
    - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Mimi Zohar
      - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Vitaly Chikunov
  - Re: [PATCH ima-evm-utils v4] evmctl: Use secure heap for private keys and passwords, Mimi Zohar
[PATCH v5 ima-evm-utils 0/2] make default hash algorithm dynamic, Bruno Meneguele
- [PATCH v5 ima-evm-utils 1/2] set default hash algorithm in configuration time, Bruno Meneguele
  - Re: [PATCH v5 ima-evm-utils 1/2] set default hash algorithm in configuration time, Mimi Zohar
    - Re: [PATCH v5 ima-evm-utils 1/2] set default hash algorithm in configuration time, Bruno Meneguele
  - [PATCH v6 ima-evm-utils 1/2] set default hash algorithm in configuration time, Bruno Meneguele
- [PATCH v5 ima-evm-utils 2/2] make SHA-256 the default hash algorithm, Bruno Meneguele
IMA namespaces, Denis Semakin
- Re: IMA namespaces, Stefan Berger
  - Re: IMA namespaces, Denis Semakin
    - Re: IMA namespaces, Stefan Berger
[GIT PULL] integrity subsystem updates for v5.15, Mimi Zohar

[Index of Archives] [Linux Kernel] [Linux Kernel Hardening] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux SCSI] [Yosemite Forum]