Hi Peter,

On Thu, 2018-02-15 at 13:24 -0500, Peter P. wrote:
> Hey all,
>
> Is there a way to make the certs on a trusted keyring such as
> secondary or builtin_trusted readable to non-root users?

As far as I'm aware, you can't read trusted keyrings directly. If you wanted to extend the kernel's signature chain of trust to a userspace keyring, Matt Martineau's userspace restrict_link support for userspace was upstreamed in 4.12. Refer to http://kernsec.org/pipermail/linux-security-module-archive/2017-March/000309.html.

Mimi