Patch "LoadPin: Fix Kconfig doc about format of file with verity digests" has been added to the 6.0-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    LoadPin: Fix Kconfig doc about format of file with verity digests

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     loadpin-fix-kconfig-doc-about-format-of-file-with-verity-digests.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From aafc203bbad4bf6cf394a34ea698c2b0b8affae0 Mon Sep 17 00:00:00 2001
From: Matthias Kaehlcke <mka@xxxxxxxxxxxx>
Date: Mon, 29 Aug 2022 17:46:10 -0700
Subject: LoadPin: Fix Kconfig doc about format of file with verity digests

From: Matthias Kaehlcke <mka@xxxxxxxxxxxx>

commit aafc203bbad4bf6cf394a34ea698c2b0b8affae0 upstream.

The doc for CONFIG_SECURITY_LOADPIN_VERITY says that the file with verity
digests must contain a comma separated list of digests. That was the case
at some stage of the development, but was changed during the review
process to one digest per line. Update the Kconfig doc accordingly.

Reported-by: Jae Hoon Kim <kimjae@xxxxxxxxxxxx>
Signed-off-by: Matthias Kaehlcke <mka@xxxxxxxxxxxx>
Fixes: 3f805f8cc23b ("LoadPin: Enable loading from trusted dm-verity devices")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220829174557.1.I5d202d1344212a3800d9828f936df6511eb2d0d1@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 security/loadpin/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -33,4 +33,4 @@ config SECURITY_LOADPIN_VERITY
 	  on the LoadPin securityfs entry 'dm-verity'. The ioctl
 	  expects a file descriptor of a file with verity digests as
 	  parameter. The file must be located on the pinned root and
-	  contain a comma separated list of digests.
+	  contain one digest per line.


Patches currently in stable-queue which might be from mka@xxxxxxxxxxxx are

queue-6.0/loadpin-fix-kconfig-doc-about-format-of-file-with-verity-digests.patch
queue-6.0/dm-verity-loadpin-only-trust-verity-targets-with-enforcement.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux