Re: [PATCH v4 00/12] Enroll kernel keys thru MOK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >> Jarkko, I think the emphasis should not be on "machine" from Machine
> >> Owner Key (MOK), but on "owner".  Whereas Nayna is focusing more on the
> >> "_ca" aspect of the name.   Perhaps consider naming it
> >> "system_owner_ca" or something along those lines.

> > What do you gain such overly long identifier? Makes no sense. What
> > is "ca aspect of the name" anyway?
> 
> As I mentioned previously, the main usage of this new keyring is that it 
> should contain only CA keys which can be later used to vouch for user 
> keys loaded onto secondary or IMA keyring at runtime. Having ca in the 
> name like .xxxx_ca, would make the keyring name self-describing. Since 
> you preferred .system, we can call it .system_ca.

Sounds good to me.  Jarkko?

thanks,

Mimi




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux