Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine

From: Mimi Zohar
Date: Wed Nov 24 2021 - 21:52:01 EST


Hi Eric,

On Tue, 2021-11-23 at 23:41 -0500, Eric Snowberg wrote:
> +config INTEGRITY_MACHINE_KEYRING
> + bool "Provide a keyring to which CA Machine Owner Keys may be added"
> + depends on SECONDARY_TRUSTED_KEYRING
> + depends on INTEGRITY_ASYMMETRIC_KEYS

Shouldn't this be "ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y"? With this
change, is "KEYS: Create static version of
public_key_verify_signature" trusted needed?

Mimi

> + depends on SYSTEM_BLACKLIST_KEYRING
> + depends on LOAD_UEFI_KEYS
> + help
> + If set, provide a keyring to which CA Machine Owner Keys (MOK) may
> + be added. This keyring shall contain just CA MOK keys. Unlike keys
> + in the platform keyring, keys contained in the .machine keyring will
> + be trusted within the kernel.
> +
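Review bot: the help text asserts a restriction ("This keyring shall contain just CA MOK keys") and a trust property ("keys contained in the .machine keyring will be trusted within the kernel") that nothing in this Kconfig fragment enforces or explains; since the keyring is trusted, the CA-only restriction is security-relevant and the help text should say where it is enforced (the loading path or keyring restriction that rejects non-CA keys) and which kernel verifications consult the keyring, so that someone enabling the option knows what "trusted within the kernel" actually grants.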