Go to file
Mickaël Salaün addf466389 certs: Check that builtin blacklist hashes are valid
Add and use a check-blacklist-hashes.awk script to make sure that the
builtin blacklist hashes set with CONFIG_SYSTEM_BLACKLIST_HASH_LIST will
effectively be taken into account as blacklisted hashes.  This is useful
to debug invalid hash formats, and it make sure that previous hashes
which could have been loaded in the kernel, but silently ignored, are
now noticed and deal with by the user at kernel build time.

This also prevent stricter blacklist key description checking (provided
by following commits) to failed for builtin hashes.

Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of
a hash string and how to generate certificate ones.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210712170313.884724-3-mic@digikod.net
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-05-23 18:47:49 +03:00
Documentation Input updates for v5.18-rc7 2022-05-21 13:58:43 -10:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
arch ARM: 2022-05-20 20:34:59 -10:00
block block/mq-deadline: Set the fifo_time member also if inserting at head 2022-05-13 17:02:46 -06:00
certs certs: Check that builtin blacklist hashes are valid 2022-05-23 18:47:49 +03:00
crypto certs: Factor out the blacklist hash creation 2022-05-23 18:47:49 +03:00
drivers Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2022-05-22 08:04:38 -10:00
fs afs: Fix afs_getattr() to refetch file status if callback break occurred 2022-05-22 09:25:47 -10:00
include certs: Factor out the blacklist hash creation 2022-05-23 18:47:49 +03:00
init Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
ipc fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
kernel perf: Fix sys_perf_event_open() race against self 2022-05-20 08:44:00 -10:00
lib Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2022-05-18 14:02:25 -10:00
mm hotfixes for 5.18-rc7 2022-05-13 10:22:37 -07:00
net A fix for a nasty use-after-free, marked for stable. 2022-05-20 08:15:40 -10:00
samples sched/tracing: Append prev_state to tp args instead 2022-05-12 00:37:11 +02:00
scripts certs: Check that builtin blacklist hashes are valid 2022-05-23 18:47:49 +03:00
security certs: Factor out the blacklist hash creation 2022-05-23 18:47:49 +03:00
sound ALSA: usb-audio: Restore Rane SL-1 quirk 2022-05-16 12:41:13 +02:00
tools tools/certs: Add print-cert-tbs-hash.sh 2022-05-23 18:47:49 +03:00
usr Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
virt KVM: Free new dirty bitmap if creating a new memslot fails 2022-05-20 13:02:05 -04:00
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap hotfixes for 5.18-rc7 2022-05-13 10:22:37 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS certs: Check that builtin blacklist hashes are valid 2022-05-23 18:47:49 +03:00
Makefile Linux 5.18 2022-05-22 09:52:31 -10:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.