On Sat, 2021-05-01 at 15:49 -0700, Linus Torvalds wrote: > On Wed, Apr 28, 2021 at 6:47 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > > > In addition to loading the kernel module signing key onto the builtin > > keyring, load it onto the IMA keyring as well. > > This clashed pretty badly with the other cert changes. > > I think the end result looks nice and clean (the cert updates mesh > well with the _intention_ of your code, just not with the > implementation), but you should really double-check that I didn't mess > anything up in the merge and whatever test-case you have for IMA still > works. > > I only verified that the kernel module signing key still works for > modules - no IMA test-case. I'm really sorry I forgot to mention in the pull request that Stephen was carrying a merge conflict fix. Everything looks good. I tested it, making sure that the kernel module signing key is loaded onto the builtin and/or IMA keyrings properly. thanks, Mimi
