Message ID | 20230522230944.180389-1-eric.snowberg@oracle.com (mailing list archive) |
---|---|
Headers | show
Return-Path: <linux-integrity-owner@vger.kernel.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01E15C7EE2A for <linux-integrity@archiver.kernel.org>; Tue, 23 May 2023 00:41:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233958AbjEVXOZ (ORCPT <rfc822;linux-integrity@archiver.kernel.org>); Mon, 22 May 2023 19:14:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60032 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232477AbjEVXOR (ORCPT <rfc822;linux-integrity@vger.kernel.org>); Mon, 22 May 2023 19:14:17 -0400 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12FD2119; Mon, 22 May 2023 16:14:05 -0700 (PDT) Received: from pps.filterd (m0333521.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 34MKOKc9021197; Mon, 22 May 2023 23:13:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=corp-2023-03-30; bh=sMUBRzgJEu2PQTTBTZlkCLFb06qYGlfE3hU51Nsx7hI=; b=yXgdBiZZRbiJEc7NFQHBVtVjWprDyuoDf74GtiwqwYQAyRLkh/j8e6j2YxbvgAbXVoaR efsHTJf/5mJq6Ig9h+ZNMEee3deaAzrN5bbP84vFxXFwoF23iKp8oir2vXt6p/Soy76n n16fFgpzLAxLu8FTttHGH/4fV2GSOobYPHuVixH+rshQYYwpGzNSU2dwlVrHGi+LEcPA cHE315xQA45LPsO9fkPd7kFawS3EFATRJaFg9ifX1eAIfm3uHRmZHwCxuJ+uBgBoxByU IhUN3fTfT7gKDnqn4pBz+vP19/yRGYKEM6XerM1QNlF6irv3RdDIUAQDGJrSVMUJbQjd XQ== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3qpp5bkuyk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 22 May 2023 23:13:37 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 34MLcl2A027194; Mon, 22 May 2023 23:13:36 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2104.outbound.protection.outlook.com [104.47.58.104]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3qqk2cu50f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 22 May 2023 23:13:36 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OIFr6lkMMja8WYxMqRdQLsTCPwEDzHDjqZDFS35oI9oUnN4E+ndpailIDZ/7bIDguu3cwr6oDXR+vJoyhyeLEzAJGaX+9RTnW/kckN8Tg0GrdxqAo7dfb2cOIJKZzzrFqrPdx+Qu5ysEdzd0uI1MjpuSjysGvYU80G5D/+6f9X7J7xvMAtoroQvkLnwpi3CySKR2cffX2MhZiG1A+AKfYFyjIAP01nA4JmmM0j8UbwNccFxJ2JbGpgAZZMBTgR3qLDfzBtsLZ5R7QjdiO8cSqHYiBGoKJl8JYhXvGH00ZuqZFLR3UxDKXlRyHT7hsX95/9wxI1Hs2kAuaSbtWnhI3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sMUBRzgJEu2PQTTBTZlkCLFb06qYGlfE3hU51Nsx7hI=; b=Wk8JYSmVVyX1M3BNXU4zewu8eAPxjNStruFL3xQRW3732YEPL5iCpfasNR4eFs+svc/MV85iNpiNUwZySRORtT13u7TjEYA7eIpzBDiIJ4vdLT7gY+7pA40dkAhchmM6uadqtS1h22+sNqRDiz/wOQAmfcNjhmteebmPPTJKOfyLVOaGVjw6vM5OXdcLWYDv5fPJ8UA4HZw1jr7PzULaPupoUg3J3vIVLlmIPZLhG8qxsc7gZmq9UbxVWcfytmF3uIHzeM+a5RzgasuOXFgJTN6OVvBjoVuX3BP+JwakXJPIYllwLWDCyXFR3FN9Buvu4hlEdOT2HzImFSajIXRDxQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sMUBRzgJEu2PQTTBTZlkCLFb06qYGlfE3hU51Nsx7hI=; b=WBpNalYwFSxOFIacqO3z84/TXVRoHLoyYAc4ukI/NTsuH855VDBB6GdWHKlEhFDOWOgxlsGuXVuat0mUqTWnxrblquFDus1nM8/w1+j0A5qeTjTKXdHhG8yHUWz4oM+XV2o3OL0Regp7v+lXtHBlUSN/dFgI0vbLCs5UwzKvbT0= Received: from CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) by SA3PR10MB7095.namprd10.prod.outlook.com (2603:10b6:806:31e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28; Mon, 22 May 2023 23:13:10 +0000 Received: from CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::d074:eba3:3b2b:b48e]) by CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::d074:eba3:3b2b:b48e%4]) with mapi id 15.20.6411.028; Mon, 22 May 2023 23:13:10 +0000 From: Eric Snowberg <eric.snowberg@oracle.com> To: jarkko@kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, dwmw2@infradead.org Cc: herbert@gondor.apana.org.au, davem@davemloft.net, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, jlee@suse.com, eric.snowberg@oracle.com, kanth.ghatraju@oracle.com, konrad.wilk@oracle.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v2 0/3] Add digitalSignature enforcement keyring restrictions Date: Mon, 22 May 2023 19:09:41 -0400 Message-Id: <20230522230944.180389-1-eric.snowberg@oracle.com> X-Mailer: git-send-email 2.27.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SJ0PR03CA0386.namprd03.prod.outlook.com (2603:10b6:a03:3a1::31) To CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR10MB4150:EE_|SA3PR10MB7095:EE_ X-MS-Office365-Filtering-Correlation-Id: 6368ce72-7292-4e86-5c6d-08db5b1a1bef X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 82hyEA7IqmuYqDSwRP0DtXMxaTXC15yezVrezpn5Jg7zrkh8RLWLu7jTjN94F13g9zSO9haUcDapwo9iwMxQKacxG4qwvanCRvx/j1YII9IxF1VSV4MOBAUpj39t6HzuaD239NeB2W+gviS5VU3F2Eh1xOUDNhI3g9sEdAYEJhUC2GYSSPM6D4RL/M2NpuHV13/BDoRUY2XpGA/H4/tkr+MtmhhBs5pg1RaNUwjMg8RCUq7hb1J8PSmKslNkRDwr8xYeQc38QgMKzTXPLsrCuS4PLeMhYOtXT3TLURe7GEcX4mosK9sI+LedeES7KOOVz/5WLY5BQ7ns4F1Gh0IUSEBULeg7tkCOQ2SmFBkUdcUv84f1x3XokJohUIADUgMvJCYZX+tqI7+n4LulZoBcqmyYtXhpcY4S97Y3D9X7oFIENNAv7kVtuaGr7iv46ZAnXW2UHND+2m5F93RVk0P4/UuNdqvP+S55Y7+LqNTIN81+izgl4P/v6bd3eePj1Adz5V+kC/W8g0qEC4/LhfJt8qL4GvCmTJC7KmcyL0u5zcRp25XtJ1uok3evwKrNe5XRHfzDXEsfVwxj+W15Rg1W6w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH2PR10MB4150.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(366004)(396003)(346002)(39860400002)(136003)(376002)(451199021)(2906002)(7416002)(5660300002)(83380400001)(44832011)(8676002)(8936002)(36756003)(66946007)(66556008)(6486002)(966005)(66476007)(4326008)(316002)(41300700001)(478600001)(6666004)(86362001)(2616005)(1076003)(6512007)(186003)(6506007)(38100700002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: UYJ8s2jK7DDhJ6IWslHeO+Mmg4A54iV4VjjqdiCztV7PP0up3k0PDXIc70dpxILiIqFbTscDPI20tORdKRKRZ07v6XLlZ77cs5ZZb/MpzsqDDrTBppn+jJwZNhZb/e7JlUnxD2Qw1RWi19BzBN1erPR6APmbEx5OS138ZVSkM6NmgbKMe72Nopky1iDfml5VF7JcVtwERPBDcaCyWmmggaDI4xVwsQc9KDuKJM2+3m2KruuHUp4etE3Uugvn6cvyqE6giCU9HPs7yPzJVUh5Zt0gNlBPBvn3G8Z4PxPZoD80BqfZrSf02/JQbIZzOp5EDKyuXl1XGhDGkHYN0ULrFuIp3E8cEmOVI6zzEwO2l+KO5mQenyeoEDbEEKWFZ6MlzrRejvBorq9uGSKFlZAHYT2iqkHbMQpKD4sN/6xf1g22Wp8CE+UbURyXH2xnyjtECax+mosY9F1qfPGJTUQGQJM5SvRR/VvuV6IBV9c7wf4ZzD/yVMD+KhUJUma8C0I0GX4IrQUmCL7LMPJdoSMSm2W/7LBHUJGuGCYZhpdQJ7hWMoZdFMe9BG2pNu6pSJF0ha4/OUASnSmwKUooQTdpkWYBXxn2RV6kgrLqg7hyUSfJzmGyGL0FOPYRGRal3j7pAPQ36TTeFJNiS443RPbdY6sZQxpUUiXUYJefQ+f6Cl0LYuTyafflZozLlxCXvWluFXQUZrPW3dwQua5OaUdXP79nLAefB0/TA53G5Sm8Fz8wqo7j7qshyJcgL1TiRVtxLe3ehZHC2J2emqutSH4ZJ7Le6Hcc/JSicAhfnuy2P6/zv+Ski7K8WCAan5K3Sy1qMCaShQy5ezD8ZGGTQS9yvmUAMkxxjzN+eVe0SNt091/Pak6U+0kFt67q9bcqPG6HtrRXhzHJfq+6sJRPy/jrDG6jxkcf4bcwuWLyLR9qgf6asyEI7+FxB8+Dpx9+jiVt16fcT6b7CNMzPk2ovlH6WE7OY7CJu28b7o+fKo3DiWIQqI4Lshk1DtJ7vYGbwlj7kNW9YveIwBZdJHe//WIGirbyzH2oEplAFYk4R+hsWHamY1bYDmWWdTCyMnknu2LbW+AKP7RKf2x3UAEftLqX5iaQpPrMsBtVkVIarQM0uNcUgBjPUFgX74sc4K/dryUGvvVEq8oee4DcwuU7KHuqXYN48lpexB/TNgaRkEobXsRcVDmHiqOD5PhIdzRaoSfGjvYKoSqJ9xREvpa9KJqvNRv0/Nxom2no/p6dfxpgWeT5y37ARNum9kT72F/WK+Gl61N87Q+FjUtb5m6eY8tcF8hNfY5NETsEVI4sYpEd+PTtthQXI/cK0FoybJMzNjUEJQina1wN04aaauENLzCONactvTbJdFARieUpcseyz8KMupW8XdifeuDA3p6rugMRtkDbo/EnBAKRp6HMH4EMdj4o2iWH0bX+08sEi2P/Hm0RA37C9/N1EuGNZ/XEX0r2hb2BCxY5wbLK5Mg/s7EftswWKwnUuQWfsCSFr5oiUDVGdJytiqYRxtc5VxxJNeCb0RlNsRzOVxEbCQT3SbKKy253KrbR0XEKh5Fgc9PS1ffUJMI3FCg05LmJJ0oX+LHFRrklekOBIDcT88vD+OKaw9oM3Whrdl00Ds43OzUFM00= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: LtPT2RX0PgQk44N30Ci/uvKaPkGfLaeAiMz9Ii9pDqJdp4hxrpzYDM5c3qiGqPyKlRvMMNZ0yTRuLS1KJGc3TPiEzPcTbznf8R0VWwEEwpuRana+H52uiLHdToAwMULNnh/KzeWau8UQpfeQcICrJWZbT/ah5dzvtjzR+E+KXJzpM65rG68eCl3fjd0n34MIxClblUAE3GJJE0g1ttdCGh4nSbBv9OOjJntVGFAR1lDIF0Cdf+9f1WtANlJyK/xKVoYqbtSvWjUq8swFvoc8tGgMGVu9UOpCgifGmgx0ZXNCnFDN0NcsHXsmf2q+DvWhc9GXpbc1XvzOiu+QjkuBQt3AdSUB8hNeeaQdWhj+thaZK1P915tBMN4cqFvM6yynSwzWMX8hVY3qQPnQBNqAT3yr+Rg8y0UAOlpcSwtec5eZW426deCnNDkIi2VtFDtNfwNZBn/s09K7bKTnhmGCfViDJAKoavW9xZq9vuxFEuNLLhcXQHmEyJb/hNJzkjKXS45aiCKnl13CSlwTW8u/As+RFjzHGDB0h4s6UpW50Tq/mUYYlkQhixs7wQ6TSskD+eUibJBtNs6DhZHdV+SmBhlbOmES8WiDBoXtvHEVMGMidXbeubjuLrt67kZF3+ZEkPXI/x3MZGIGgp+Wv3yAt5JVG1iP3ncT9qaqRDDpmWUMeJO5JZPTXFtmyoT/vn0wIIU1eG89a8E+Ojj4YkRZ7vKBz134f4LD9ahF8G5JLv+prnb4+EjaE7pkFrLAgBkvXhpzRFiaNE7zjJc8WpP5bL6Vo8UnUPTtpHAWkPypmJMI9AeW6LyWpC6CWaMitDkTYPoZ69Zuv/GSH8InWlC384hxIh7aE6XNKKw726WOrSCIEzyTQLeBa5x3pSSVmuiV+TRe5BAiPGwq6rCxbx416CAYzGUskIfX1UAlSYWXNtM2M6Qcoot4R5km4nWKHj5N8hGYQk1/RSGgw+pTRQCtKAJ78CDqAhS+B9ZRJkfXMSeDjDITmSwc+yjZn1H7Vn/7S2cGPd4RnzCTw5PA9VjoYVbS6uaC/lIVH1e3OzP7zrsYsT9HUzqbeIeFawWrwlwrGz4C7K3gUdbqxgqZL10dwCshRiUlREZkgZK0E9YwMYu6NNvcM42AKHjBN96GglPR X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6368ce72-7292-4e86-5c6d-08db5b1a1bef X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4150.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2023 23:13:10.0535 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Mbfpw1upFvsdo7jJsyX4mvVL3vR+9JBW7HmCFnjsl/PsiMoUsvye6cyJQdrAwfk8q/YiwlAZi3oqhvfpbD3psDDk9u7vvgyxsDUQzdo6KcU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR10MB7095 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-05-22_17,2023-05-22_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 mlxlogscore=873 phishscore=0 malwarescore=0 suspectscore=0 spamscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2304280000 definitions=main-2305220197 X-Proofpoint-GUID: kp_RCNIL6B5JCmqhI5p_fpUSyVfmp1cL X-Proofpoint-ORIG-GUID: kp_RCNIL6B5JCmqhI5p_fpUSyVfmp1cL Precedence: bulk List-ID: <linux-integrity.vger.kernel.org> X-Mailing-List: linux-integrity@vger.kernel.org |
Series |
Add digitalSignature enforcement keyring restrictions
|
expand
|