On 2/18/21 5:00 PM, Nayna Jain wrote:
The kernel currently only loads the kernel module signing key onto the builtin trusted keyring. To support IMA, load the module signing key selectively either onto the builtin or IMA keyring based on MODULE_SIG or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel key onto the builtin trusted keyring. Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
