• Linus Torvalds's avatar
    Merge tag 'tpmdd-next-v5.19-rc1' of... · 7cf6a8a1
    Linus Torvalds authored
    Merge tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
    
    Pull tpm updates from Jarkko Sakkinen:
    
     - Tightened validation of key hashes for SYSTEM_BLACKLIST_HASH_LIST. An
       invalid hash format causes a compilation error. Previously, they got
       included to the kernel binary but were silently ignored at run-time.
    
     - Allow root user to append new hashes to the blacklist keyring.
    
     - Trusted keys backed with Cryptographic Acceleration and Assurance
       Module (CAAM), which part of some of the new NXP's SoC's. Now there
       is total three hardware backends for trusted keys: TPM, ARM TEE and
       CAAM.
    
     - A scattered set of fixes and small improvements for the TPM driver.
    
    * tag 'tpmdd-next-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
      MAINTAINERS: add KEYS-TRUSTED-CAAM
      doc: trusted-encrypted: describe new CAAM trust source
      KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
      crypto: caam - add in-kernel interface for blob generator
      crypto: caam - determine whether CAAM supports blob encap/decap
      KEYS: trusted: allow use of kernel RNG for key material
      KEYS: trusted: allow use of TEE as backend without TCG_TPM support
      tpm: Add field upgrade mode support for Infineon TPM2 modules
      tpm: Fix buffer access in tpm2_get_tpm_pt()
      char: tpm: cr50_i2c: Suppress duplicated error message in .remove()
      tpm: cr50: Add new device/vendor ID 0x504a6666
      tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops
      tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
      tpm/tpm_ftpm_tee: Return true/false (not 1/0) from bool functions
      certs: Explain the rationale to call panic()
      certs: Allow root user to append signed hashes to the blacklist keyring
      certs: Check that builtin blacklist hashes are valid
      certs: Make blacklist_vet_description() more strict
      certs: Factor out the blacklist hash creation
      tools/certs: Add print-cert-tbs-hash.sh
    7cf6a8a1
MAINTAINERS 643 KB