Bug 1213270 - Support CodeSigning extended key usage in ALP kernel to align with SLE kernel
Summary: Support CodeSigning extended key usage in ALP kernel to align with SLE kernel
Status: RESOLVED FIXED
Alias: None
Product: Granite
Classification: SUSE ALP - SUSE Adaptable Linux Platform
Component: Kernel (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Assignee: Joey Lee
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-13 06:32 UTC by Joey Lee
Modified: 2024-06-25 17:49 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joey Lee 2023-07-13 06:32:18 UTC 
Support CodeSigning extended key usage in ALP kernel to align with SLE kernel

ALP-current kernel doesn't support CodeSigning extended key usage now. Which means that ALP does not meet NIAP PP_OS certification's requirement.

Porting the following patches from SLE to ALP kernel:

# NIAP PP_OS bsc#1177353, bsc#1179076
patches.suse/0001-X.509-Add-CodeSigning-extended-key-usage-parsing.patch
patches.suse/0002-PKCS-7-Check-codeSigning-EKU-for-kernel-module-and-k.patch
patches.suse/0003-modsign-Add-codeSigning-EKU-when-generating-X.509-ke.patch
patches.suse/0004-Documentation-admin-guide-module-signing.rst-add-ope.patch
Comment 1 Joey Lee 2023-07-13 06:40:49 UTC 
I have submit those 4 patches to ALP-current/for-next and wait to be merged.
Comment 2 Joey Lee 2023-07-18 05:54:19 UTC 
(In reply to Joey Lee from comment #1)
> I have submit those 4 patches to ALP-current/for-next and wait to be merged.

Those patches be merged to ALP-current. Set FIXED.