Re: [PATCH v8 03/17] integrity: Introduce a Linux keyring called machine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Nov 24, 2021, at 7:49 PM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Tue, 2021-11-23 at 23:41 -0500, Eric Snowberg wrote:
>> +config INTEGRITY_MACHINE_KEYRING
>> +       bool "Provide a keyring to which CA Machine Owner Keys may be added"
>> +       depends on SECONDARY_TRUSTED_KEYRING
>> +       depends on INTEGRITY_ASYMMETRIC_KEYS
> 
> Shouldn't this be "ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y"?   With this
> change, is  "KEYS: Create static version of
> public_key_verify_signature" trusted needed?

I believe it is still needed. If someone were to use the same config as the build bot, 
where ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not defined and 
INTEGRITY_MACHINE_KEYRING is not defined, they would still hit the problem that 
has now been fixed in  "KEYS: Create static version of public_key_verify_signature”. 

I wish the first two patches in this series would be accepted, since I’m only carrying 
them to get past the build bot.





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux