Skip to content
Commit 9d8e7007 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd 

Pull tpm updates from Jarkko Sakkinen:
 "In order to split the work a bit we've aligned with David Howells more
  or less that I take more hardware/firmware aligned keyring patches,
  and he takes care more of the framework aligned patches.

  For TPM the patches worth of highlighting are the fixes for
  refcounting provided by Lino Sanfilippo and James Bottomley.

  Eric B. has done a bunch obvious (but important) fixes but there's one
  a bit controversial: removal of asym_tpm. It was added in 2018 when
  TPM1 was already declared as insecure and world had moved on to TPM2.
  I don't know how this has passed all the filters but I did not have a
  chance to see the patches when they were out. I simply cannot commit
  to maintaining this because it was from all angles just wrong to take
  it in the first place to the mainline kernel. Nobody should use this
  module really for anything.

  Finally, there is a new keyring '.machine' to hold MOK keys ('Machine
  Owner Keys'). In the mok side MokListTrustedRT UEFI variable can be
  set, from which kernel knows that MOK keys are kernel trusted keys and
  they are populated to the machine keyring. This keyring linked to the
  secondary trusted keyring, which means that can be used like any
  kernel trusted keys. This keyring of course can be used to hold other
  MOK'ish keys in other platforms in future"

* tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (24 commits)
  tpm: use try_get_ops() in tpm-space.c
  KEYS: asymmetric: properly validate hash_algo and encoding
  KEYS: asymmetric: enforce that sig algo matches key algo
  KEYS: remove support for asym_tpm keys
  tpm: fix reference counting for struct tpm_chip
  integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
  integrity: Trust MOK keys if MokListTrustedRT found
  efi/mokvar: move up init order
  KEYS: Introduce link restriction for machine keys
  KEYS: store reference to machine keyring
  integrity: add new keyring handler for mok keys
  integrity: Introduce a Linux keyring called machine
  integrity: Fix warning about missing prototypes
  KEYS: trusted: Avoid calling null function trusted_key_exit
  KEYS: trusted: Fix trusted key backends when building as module
  tpm: xen-tpmfront: Use struct_size() helper
  KEYS: x509: remove dead code that set ->unsupported_sig
  KEYS: x509: remove never-set ->unsupported_key flag
  KEYS: x509: remove unused fields
  KEYS: x509: clearly distinguish between key and signature algorithms
  ...
parents f443e374 fb5abce6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment