On Wed, Jan 30, 2013 at 12:32 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Kasatkin, Dmitry <dmitry.kasatkin@xxxxxxxxx> wrote:
>
>> What about the case when running from integrity protected initramfs?
>> Either embedded into the signed kernel, or verified by the boot loader.
>> In such case it is possible to assume that all keys which are added by
>> user space are implicitly trusted.
>> Later on, before continuing booting normal rootfs, set the key
>> subsystem state (trust-lock),
>> so that trusted keyrings accept only explicitly trusted keys...
>>
>> Does it make sense?
>
> I'm not sure it does. Initramfs is (re-)fabricated on the machine on which it
> runs any time you update one of a set of rpms (such as the kernel rpm) because
> it has machine-specific data and drivers in it.
>

Based on my latest post on signed initramfs it might make sense.
But it seems to me that it would be the behavior anyway, because the "first"
key added should implicitly be assumed trusted.

- Dmitry

> David

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html