- b1c3d2b certs: Fix build error when PKCS#11 URI contains semicolon by Jan Luebbe · 1 year, 11 months ago
- 2154aca certs: make system keyring depend on built-in x509 parser by Masahiro Yamada · 2 years, 4 months ago
- 0af5cb3 Merge tag 'kbuild-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild by Linus Torvalds · 2 years, 5 months ago
- 31f6d95 certs: unify blacklist_hashes.c and blacklist_nohashes.c by Masahiro Yamada · 2 years, 7 months ago
- 9008a67 certs: move scripts/check-blacklist-hashes.awk to certs/ by Masahiro Yamada · 2 years, 7 months ago
- e908862 certs: make system keyring depend on x509 parser by Adam Borowski · 2 years, 6 months ago
- 0273fd4 Merge tag 'certs-20220621' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs by Linus Torvalds · 2 years, 6 months ago
- 60050ff certs: Move load_certificate_list() to be with the asymmetric keys code by David Howells · 2 years, 8 months ago
- 27b5b22 certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build by Masahiro Yamada · 2 years, 7 months ago
- 6a1c376 certs/blacklist_hashes.c: fix const confusion in certs blacklist by Masahiro Yamada · 2 years, 7 months ago
- d56fd98 certs: Convert spaces in certs/Makefile to a tab by David Howells · 2 years, 7 months ago
- 6bfb56e cert host tools: Stop complaining about deprecated OpenSSL functions by Linus Torvalds · 2 years, 7 months ago
- df202b4 Merge tag 'kbuild-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild by Linus Torvalds · 2 years, 7 months ago
- 4d99750 certs: Explain the rationale to call panic() by Mickaël Salaün · 2 years, 9 months ago
- 6364d10 certs: Allow root user to append signed hashes to the blacklist keyring by Mickaël Salaün · 3 years, 6 months ago
- addf466 certs: Check that builtin blacklist hashes are valid by Mickaël Salaün · 3 years, 6 months ago
- bf21dc5 certs: Make blacklist_vet_description() more strict by Mickaël Salaün · 3 years, 6 months ago
- 141e523 certs: Factor out the blacklist hash creation by Mickaël Salaün · 3 years, 6 months ago
- d5ea4fe kbuild: Allow kernel installation packaging to override pkg-config by Chun-Tse Shao · 2 years, 9 months ago
- b8321ed Merge tag 'kbuild-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild by Linus Torvalds · 2 years, 9 months ago
- 087aa4e KEYS: Introduce link restriction for machine keys by Eric Snowberg · 3 years ago
- 56edb6c KEYS: store reference to machine keyring by Eric Snowberg · 3 years ago
- f44b645 certs: simplify empty certs creation in certs/Makefile by Masahiro Yamada · 2 years, 11 months ago
- 6ce019f certs: include certs/signing_key.x509 unconditionally by Masahiro Yamada · 2 years, 11 months ago
- e6340b6 certs: Fix build error when CONFIG_MODULE_SIG_KEY is empty by Masahiro Yamada · 3 years ago
- ad29a2f certs: Fix build error when CONFIG_MODULE_SIG_KEY is PKCS#11 URI by Masahiro Yamada · 3 years ago
- 340a025 certs: move scripts/extract-cert to certs/ by Masahiro Yamada · 3 years, 1 month ago
- 129ab0d kbuild: do not quote string values in include/config/auto.conf by Masahiro Yamada · 3 years, 1 month ago
- b8c96a6 certs: simplify $(srctree)/ handling and remove config_filename macro by Masahiro Yamada · 3 years, 1 month ago
- 5410f3e certs: remove misleading comments about GCC PR by Masahiro Yamada · 3 years, 1 month ago
- 5cca360 certs: refactor file cleaning by Masahiro Yamada · 3 years, 1 month ago
- 3958f21 certs: remove unneeded -I$(srctree) option for system_certificates.o by Masahiro Yamada · 3 years, 1 month ago
- 1c4bd9f certs: unify duplicated cmd_extract_certs and improve the log by Masahiro Yamada · 3 years, 1 month ago
- c537e4d certs: use $< and $@ to simplify the key generation rule by Masahiro Yamada · 3 years, 1 month ago
- e06a61a certs: use if_changed to re-generate the key when the key type is changed by Masahiro Yamada · 3 years, 2 months ago
- 54c8b51 certs: use 'cmd' to hide openssl output in silent builds more simply by Masahiro Yamada · 3 years, 2 months ago
- f8487d2 certs: remove noisy messages while generating the signing key by Masahiro Yamada · 3 years, 2 months ago
- f3a2ba4 certs: check-in the default x509 config file by Masahiro Yamada · 3 years, 2 months ago
- 54e2c77 certs: remove meaningless $(error ...) in certs/Makefile by Masahiro Yamada · 3 years, 2 months ago
- be0d5fa7 certs: move the 'depends on' to the choice of module signing keys by Masahiro Yamada · 3 years, 3 months ago
- a4aed36 certs: Add support for using elliptic curve keys for signing modules by Stefan Berger · 3 years, 6 months ago
- ea35e0d certs: Trigger creation of RSA module signing key if it's not an RSA key by Stefan Berger · 3 years, 6 months ago
- 0f979d8 Merge tag 'kbuild-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild by Linus Torvalds · 3 years, 8 months ago
- e6f0bf0 Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity by Linus Torvalds · 3 years, 8 months ago
- 9009b45 .gitignore: prefix local generated files with a slash by Masahiro Yamada · 3 years, 8 months ago
- 781a573 ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies by Nayna Jain · 3 years, 8 months ago
- 81f20231 certs: add 'x509_revocation_list' to gitignore by Linus Torvalds · 3 years, 8 months ago
- 6cbdfb3 ima: enable loading of build time generated key on .ima keyring by Nayna Jain · 3 years, 9 months ago
- 0165f4c ima: enable signing of modules with build time generated key by Nayna Jain · 3 years, 9 months ago
- d1f0441 certs: Add ability to preload revocation certs by Eric Snowberg · 4 years ago
- 2565ca7 certs: Move load_system_certificate_list to a common function by Eric Snowberg · 4 years ago
- 56c5812 certs: Add EFI_CERT_X509_GUID support for dbx entries by Eric Snowberg · 4 years ago
- a6cb0ab certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID by Mickaël Salaün · 4 years, 1 month ago
- 4993e1f certs: Fix blacklist flag type confusion by David Howells · 4 years, 1 month ago
- 84ffbef certs: Fix blacklisted hexadecimal hash string check by Mickaël Salaün · 4 years, 1 month ago
- 0b2d443 certs/blacklist: fix kernel doc interface issue by Alex Shi · 4 years, 2 months ago
- d198b34f .gitignore: add SPDX License Identifier by Masahiro Yamada · 4 years, 10 months ago
- 2985bed6 .gitignore: remove too obvious comments by Masahiro Yamada · 4 years, 10 months ago
- 2434f7d certs: Add wrapper function to check blacklisted binary hash by Nayna Jain · 5 years ago
- 2a7bf67 PKCS#7: Refactor verify_pkcs7_signature() by Thiago Jung Bauermann · 6 years ago
- 028db3e Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" by Linus Torvalds · 5 years ago
- 0f75ef6 Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs by Linus Torvalds · 5 years ago
- c84ca91 Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs by Linus Torvalds · 5 years ago
- 2e12256 keys: Replace uid/gid/perm permissions checking with an ACL by David Howells · 6 years ago
- dcf49db keys: Add a 'recurse' flag for keyring searches by David Howells · 6 years ago
- b4d0d23 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 by Thomas Gleixner · 6 years ago
- 278311e kexec, KEYS: Make use of platform keyring for signature verify by Kairui Song · 6 years ago
- 219a3e8 integrity, KEYS: add a reference to platform keyring by Kairui Song · 6 years ago
- 172caf1 kbuild: remove redundant target cleaning on failure by Masahiro Yamada · 6 years ago
- c4df32c export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() by Masahiro Yamada · 6 years ago
- 817aef2 Replace magic for trusting the secondary keyring with #define by Yannik Sembritzki · 6 years ago
- 2e20ce4 certs/blacklist: fix const confusion by Nick Desaulniers · 7 years ago
- 5fb94e9 docs: Fix some broken references by Mauro Carvalho Chehab · 7 years ago
- 2be04df certs/blacklist_nohashes.c: fix const confusion in certs blacklist by Andi Kleen · 7 years ago
- b244131 License cleanup: add SPDX GPL-2.0 license identifier to files with no license by Greg Kroah-Hartman · 7 years ago
- 5ccbdbf9 modsign: add markers to endif-statements in certs/Makefile by Jarkko Sakkinen · 7 years ago
- 6e7c2b4 scripts/spelling.txt: add "intialise(d)" pattern and fix typo instances by Masahiro Yamada · 8 years ago
- 2b6aa41 KEYS: Use structure to capture key restriction function and data by Mat Martineau · 8 years ago
- aaf66c8 KEYS: Split role of the keyring pointer for keyring restrict functions by Mat Martineau · 8 years ago
- 734114f KEYS: Add a system blacklist keyring by David Howells · 8 years ago
- d3bfe84 certs: Add a secondary system keyring that can be added to dynamically by David Howells · 9 years ago
- 77f68ba KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED by David Howells · 9 years ago
- a511e1a KEYS: Move the point of trust determination to __key_link() by David Howells · 9 years ago
- 99716b7 KEYS: Make the system trusted keyring depend on the asymmetric key type by David Howells · 9 years ago
- 5ac7eac KEYS: Add a facility to restrict new links into a keyring by David Howells · 9 years ago
- bda850c PKCS#7: Make trust determination dependent on contents of trust keyring by David Howells · 9 years ago
- e68503b KEYS: Generalise system_verify_data() to provide access to internal content by David Howells · 9 years ago
- 0d1db3e certs: Fix misaligned data in extra certificate list by David Howells · 9 years ago
- c4c3610 KEYS: Reserve an extra certificate symbol for inserting without recompiling by Mehmet Kayaalp · 9 years ago
- 5d06ee2 modsign: hide openssl output in silent builds by Arnd Bergmann · 9 years ago
- 5d2787c KEYS: Add an alloc flag to convey the builtinness of a key by David Howells · 9 years ago
- 48dbc16 certs: add .gitignore to stop git nagging about x509_certificate_list by Paul Gortmaker · 9 years ago
- 3ee550f modsign: Handle signing key in source tree by David Woodhouse · 9 years ago
- 62172c8 modsign: Use if_changed rule for extracting cert from module signing key by David Woodhouse · 9 years ago
- cfc411e Move certificate handling to its own directory by David Howells · 9 years ago