Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Xen submodule should track Qubes Xen #159

Closed
osresearch opened this issue Apr 4, 2017 · 1 comment
Closed

Xen submodule should track Qubes Xen #159

osresearch opened this issue Apr 4, 2017 · 1 comment
Labels
buildsystem enhancement security
Milestone
0.3

Comments

@osresearch
Copy link
Collaborator

Currently the modules/xen references the official Xen source tree, but it should pull from the Qubes Xen tree https://github.com/QubesOS/qubes-vmm-xen so that it can apply Qube's patches as well.
@flammit
Copy link
Collaborator

flammit commented May 9, 2017

Are you thinking of rolling to 4.6.5 and adding the latest Xen security patches (in qubes-vmm-xen/patches.security) manually in the short term or holding off until this qubes-vmm-xen integration is complete?

@flammit flammit mentioned this issue Jun 24, 2017
Closed
@osresearch osresearch added this to the 0.3 milestone Jun 26, 2017
@osresearch osresearch mentioned this issue Aug 14, 2017
Closed
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Add encryption mode with keyed hash nonce, issue linuxboot#159
e04116b
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Detect tty for unattended mode
6a60573 
Call digest() only once

Fix nonce comment

Issues linuxboot#160 linuxboot#159
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Implement HMAC nonce mode xchacha20-t3
3f59ee2 
Save/send ini at checkpoints only if cadence is lt 101 as this is useful only for stateful crypto counter

get_config: Resolve ts difference if only counters differ

send: benchmark fixes

Issues linuxboot#158 linuxboot#159
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Implement crypto mode using manifest hashes, issue linuxboot#161
dab445c 
Use HMAC-256 for faster manifest hashes linuxboot#159

Handle data hashing separately from metadata hashing

Make xchacha20-t3 the default mode

Change subkey derivation from scrypt to HKDF-SHA256

get_configs: check entire .ini structure

Cleanup tmp manifests when closing them

Fix debug tmp retention: use atexit for better cleanup()

Fix benchmark mode cleanup
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Define hmac-sha256 as default data hash and always init with blake2b …
d4cacb7 
…for metadata

Issues linuxboot#159 linuxboot#161
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Improve subkey differentiation:
1f244b7 
Use salts for subkeys, use 512 bits for each, and separate context for each subkey

Note this may invalidate test archives!

Issues linuxboot#159, linuxboot#161
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Assign new encryption mode names, issues linuxboot#159 linuxboot#161
856cabd 
Limit messages for authentication, issue linuxboot#165

Check header ci mode against authenticated cipher mode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
buildsystem enhancement security
Projects
None yet
Milestone
0.3
Development

No branches or pull requests
2 participants
@flammit @osresearch