Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Nov 24, 2021, at 7:49 PM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Tue, 2021-11-23 at 23:41 -0500, Eric Snowberg wrote:
>> +config INTEGRITY_MACHINE_KEYRING
>> +       bool "Provide a keyring to which CA Machine Owner Keys may be added"
>> +       depends on SECONDARY_TRUSTED_KEYRING
>> +       depends on INTEGRITY_ASYMMETRIC_KEYS
> 
> Shouldn't this be "ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y"?   With this
> change, is  "KEYS: Create static version of
> public_key_verify_signature" trusted needed?

I believe it is still needed. If someone were to use the same config as the build bot, 
where ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not defined and 
INTEGRITY_MACHINE_KEYRING is not defined, they would still hit the problem that 
has now been fixed in  "KEYS: Create static version of public_key_verify_signature”. 

I wish the first two patches in this series would be accepted, since I’m only carrying 
them to get past the build bot.





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux