Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine

Hi Eric,

On Tue, 2021-11-23 at 23:41 -0500, Eric Snowberg wrote:
> +config INTEGRITY_MACHINE_KEYRING
> +       bool "Provide a keyring to which CA Machine Owner Keys may be added"
> +       depends on SECONDARY_TRUSTED_KEYRING
> +       depends on INTEGRITY_ASYMMETRIC_KEYS

Shouldn't this be "ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y"? With this
change, is "KEYS: Create static version of
public_key_verify_signature" trusted needed?

Mimi

> +       depends on SYSTEM_BLACKLIST_KEYRING
> +       depends on LOAD_UEFI_KEYS
> +       help
> +        If set, provide a keyring to which CA Machine Owner Keys (MOK) may
> +        be added. This keyring shall contain just CA MOK keys.  Unlike keys
> +        in the platform keyring, keys contained in the .machine keyring will
> +        be trusted within the kernel.
> +
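
Review bot: The help text says the keyring "shall contain just CA MOK keys", but nothing in the dependencies or help shown here says what enforces that restriction, so someone configuring the kernel cannot tell whether non-CA MOK entries are rejected or merely not expected. Because the last sentence states that keys in .machine "will be trusted within the kernel", unlike the platform keyring, the help text should say what that trust covers and make clear that enabling the option extends kernel trust to keys enrolled by the machine owner. Minor wording point in the same paragraph: "CA MOK keys" repeats "keys", since MOK is already expanded to Machine Owner Keys on the line before.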




