Hi Eric, The subject line above is too long. According to Documentation/process/submitting-patches.rst the "the ``summary`` must be no more than 70-75 characters". On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote: > Introduce a new link restriction that includes the trusted builtin, > secondary and machine keys. The restriction is based on the key to be added > being vouched for by a key in any of these three keyrings. > > Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx> > --- > v3: Initial version > v4: moved code under CONFIG_INTEGRITY_MOK_KEYRING > v5: Rename to machine keyring > --- > certs/system_keyring.c | 23 +++++++++++++++++++++++ > include/keys/system_keyring.h | 6 ++++++ > 2 files changed, 29 insertions(+) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 08ea542c8096..955bd57815f4 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -99,6 +99,29 @@ void __init set_machine_trusted_keys(struct key *keyring) > { > machine_trusted_keys = keyring; > } > + > +/** > + * restrict_link_by_builtin_secondary_and_ca_trusted Sorry for the patch churn. With the keyring name change to ".machine", the restriction name should also reflect this change. thanks, Mimi