Google Git
Sign in
linux / linux / kernel / git / dhowells / linux-fs / refs/tags/certs-20220621
tagfd87a727e1a505976c640bdc566b2a77ed89da2d
taggerDavid Howells <dhowells@redhat.com>Tue Jun 21 16:08:10 2022 +0100
object3cde3174eb910513d32a9ec8a9b95ea59be833df 
Certs changes
commit3cde3174eb910513d32a9ec8a9b95ea59be833df[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Wed May 18 17:15:34 2022 +0100
committerDavid Howells <dhowells@redhat.com>Tue Jun 21 16:05:12 2022 +0100
tree41ec5b5f807d1f7f04c5d95d2e8caf82e734238b
parent60050ffe3d770dd1df5b641aa48f49d07a54bd84 [diff]
certs: Add FIPS selftests

Add some selftests for signature checking when FIPS mode is enabled.  These
need to be done before we start actually using the signature checking for
things and must panic the kernel upon failure.

Note that the tests must not check the blacklist lest this provide a way to
prevent a kernel from booting by installing a hash of a test key in the
appropriate UEFI table.

Reported-by: Simo Sorce <simo@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Herbert Xu <herbert@gondor.apana.org.au>
cc: keyrings@vger.kernel.org
cc: linux-crypto@vger.kernel.org
Link: https://lore.kernel.org/r/165515742832.1554877.2073456606206090838.stgit@warthog.procyon.org.uk/
5 files changed
tree: 41ec5b5f807d1f7f04c5d95d2e8caf82e734238b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README