1. 28 Nov, 2010 7 commits
    • Mimi Zohar's avatar
      keys: add new key-type encrypted · 7e70cb49
      Mimi Zohar authored
      Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
      generated random numbers, which are encrypted/decrypted with a 'trusted'
      symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
      Userspace only ever sees/stores encrypted blobs.
      
      Changelog:
      - bug fix: replaced master-key rcu based locking with semaphore
        (reported by David Howells)
      - Removed memset of crypto_shash_digest() digest output
      - Replaced verification of 'key-type:key-desc' using strcspn(), with
        one based on string constants.
      - Moved documentation to Documentation/keys-trusted-encrypted.txt
      - Replace hash with shash (based on comments by David Howells)
      - Make lengths/counts size_t where possible (based on comments by David Howells)
        Could not convert most lengths, as crypto expects 'unsigned int'
        (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)
      - Add 'const' where possible (based on comments by David Howells)
      - allocate derived_buf dynamically to support arbitrary length master key
        (fixed by Roberto Sassu)
      - wait until late_initcall for crypto libraries to be registered
      - cleanup security/Kconfig
      - Add missing 'update' keyword (reported/fixed by Roberto Sassu)
      - Free epayload on failure to create key (reported/fixed by Roberto Sassu)
      - Increase the data size limit (requested by Roberto Sassu)
      - Crypto return codes are always 0 on success and negative on failure,
        remove unnecessary tests.
      - Replaced kzalloc() with kmalloc()
      Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: default avatarDavid Safford <safford@watson.ibm.com>
      Reviewed-by: default avatarRoberto Sassu <roberto.sassu@polito.it>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      7e70cb49
    • Mimi Zohar's avatar
      keys: add new trusted key-type · d00a1c72
      Mimi Zohar authored
      Define a new kernel key-type called 'trusted'.  Trusted keys are random
      number symmetric keys, generated and RSA-sealed by the TPM.  The TPM
      only unseals the keys, if the boot PCRs and other criteria match.
      Userspace can only ever see encrypted blobs.
      
      Based on suggestions by Jason Gunthorpe, several new options have been
      added to support additional usages.
      
      The new options are:
      migratable=  designates that the key may/may not ever be updated
                   (resealed under a new key, new pcrinfo or new auth.)
      
      pcrlock=n    extends the designated PCR 'n' with a random value,
                   so that a key sealed to that PCR may not be unsealed
                   again until after a reboot.
      
      keyhandle=   specifies the sealing/unsealing key handle.
      
      keyauth=     specifies the sealing/unsealing key auth.
      
      blobauth=    specifies the sealed data auth.
      
      Implementation of a kernel reserved locality for trusted keys will be
      investigated for a possible future extension.
      
      Changelog:
      - Updated and added examples to Documentation/keys-trusted-encrypted.txt
      - Moved generic TPM constants to include/linux/tpm_command.h
        (David Howell's suggestion.)
      - trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure
        error handling, added const qualifiers where appropriate.
      - moved to late_initcall
      - updated from hash to shash (suggestion by David Howells)
      - reduced worst stack usage (tpm_seal) from 530 to 312 bytes
      - moved documentation to Documentation directory (suggestion by David Howells)
      - all the other code cleanups suggested by David Howells
      - Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)
      - New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on
        discussions with Jason Gunthorpe)
      - Free payload on failure to create key(reported/fixed by Roberto Sassu)
      - Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
      - Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)
      Signed-off-by: default avatarDavid Safford <safford@watson.ibm.com>
      Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      d00a1c72
    • Mimi Zohar's avatar
      key: add tpm_send command · c749ba91
      Mimi Zohar authored
      Add internal kernel tpm_send() command used to seal/unseal keys.
      
      Changelog:
      - replaced module_put in tpm_send() with new tpm_chip_put() wrapper
        (suggested by David Howells)
      - Make tpm_send() cmd argument a 'void *' (suggested by David Howells)
      Signed-off-by: default avatarDavid Safford <safford@watson.ibm.com>
      Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
      Acked-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarSerge E. Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      c749ba91
    • Mimi Zohar's avatar
      tpm: add module_put wrapper · a0e39349
      Mimi Zohar authored
      For readability, define a tpm_chip_put() wrapper to call module_put().
      Replace existing module_put() calls with the wrapper.
      
      (Change based on trusted/encrypted patchset review by David Howells.)
      Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: default avatarDavid Safford <safford@watson.ibm.com>
      Acked-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarSerge E. Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      a0e39349
    • Mimi Zohar's avatar
      lib: hex2bin converts ascii hexadecimal string to binary · dc88e460
      Mimi Zohar authored
      Similar to the kgdb_hex2mem() code, hex2bin converts a string
      to binary using the hex_to_bin() library call.
      
      Changelog:
      - Replace parameter names with src/dst (based on David Howell's comment)
      - Add 'const' where needed (based on David Howell's comment)
      - Replace int with size_t (based on David Howell's comment)
      Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
      Acked-by: default avatarSerge E. Hallyn <serge@hallyn.com>
      Acked-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      dc88e460
    • Serge E. Hallyn's avatar
      security: Define CAP_SYSLOG · ce6ada35
      Serge E. Hallyn authored
      Privileged syslog operations currently require CAP_SYS_ADMIN.  Split
      this off into a new CAP_SYSLOG privilege which we can sanely take away
      from a container through the capability bounding set.
      
      With this patch, an lxc container can be prevented from messing with
      the host's syslog (i.e. dmesg -c).
      
      Changelog: mar 12 2010: add selinux capability2:cap_syslog perm
      Changelog: nov 22 2010:
      	. port to new kernel
      	. add a WARN_ONCE if userspace isn't using CAP_SYSLOG
      Signed-off-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
      Acked-by: default avatarAndrew G. Morgan <morgan@kernel.org>
      Acked-By: default avatarKees Cook <kees.cook@canonical.com>
      Cc: James Morris <jmorris@namei.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>
      Cc: Eric Paris <eparis@parisplace.org>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      ce6ada35
    • James Morris's avatar
      Merge branch 'master' into next · 1d6d7568
      James Morris authored
      1d6d7568
  2. 27 Nov, 2010 1 commit
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 · 0f639a3c
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: (30 commits)
        ALSA: hda - Use ALC_INIT_DEFAULT for really default initialization
        ASoC: Fix resource reclaim for osk5912
        ASoC: tlv320aic3x - fix variable may be used uninitialized warning
        ASoC: davinci-vcif - fix a memory leak
        ASoC: phycore-ac97: fix resource leak
        ASoC: imx-ssi: fix resource leak
        ASoC: simone: fix resource leak in simone_init error path
        ASoC: sam9g20_wm8731: fix resource leak in at91sam9g20ek_init error path
        ASoC: snd-soc-afeb9260: remove unneeded platform_device_del in error path
        ASoC: pcm030-audio-fabric: fix resource leak in pcm030_fabric_init error path
        ASoC: efika-audio-fabric: fix resource leak in efika_fabric_init error path
        ASoC: Call snd_soc_unregister_dais instead of snd_soc_unregister_dai in sh4_soc_dai_remove
        ASoC: fix SND_PXA2XX_LIB Kconfig warning
        ALSA: hda - Fix ALC660-VD/ALC861-VD capture/playback mixers
        ALSA: HDA: Add an extra DAC for Realtek ALC887-VD
        ASoC: nuc900-ac97: fix a memory leak
        ASoC: Return proper error for omap3pandora_soc_init
        ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <= 16500000
        ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode
        ALSA: hda - Fix Acer 7730G support
        ...
      0f639a3c
  3. 26 Nov, 2010 15 commits
  4. 25 Nov, 2010 17 commits