On Wed, 2020-11-11 at 10:22 +0100, Roberto Sassu wrote: > Public keys do not need to be appraised by IMA as the restriction on the > IMA/EVM keyrings ensures that a key can be loaded only if it is signed with > a key in the primary or secondary keyring. Let's clean this up a bit. - The public builtin keys ... - IMA/EVM trusted keyrings ... - on the builtin or secondary keyrings > However, when evm_load_x509() is called, appraisal is already enabled and > a valid IMA signature must be added to the EVM key to pass verification. > > Since the restriction is applied on both IMA and EVM keyrings, it is safe and update: - IMA and EVM trusted keyrings > to disable appraisal also when the EVM key is loaded. This patch calls > evm_load_x509() inside ima_load_x509() if CONFIG_IMA_LOAD_X509 is defined. , which crosses the normal IMA and EVM boundary, thanks, Mimi
