Hi, On Wed, Jul 20, 2022 at 02:43:54PM -0400, Elaine Palmer wrote: > > At LSS 2022 NA, a recent talk titled, "Establishing Trust > in Linux Keyrings – Is trust built-in, imputed, or transitive?"[1] > triggered some discussion, which is best continued here. > > Background and current state as of Linux 5.18 > --------------------------------------------- > To save space, some terms are abbreviated: > > Official name abbreviated Origin of trust / who vouches > ------------- ----------- ----------------------------- > secure boot keys SB keys hardware keys (if present) > bootloader bootloader SB keys > kernel signer signer bootloader > .builtin_trusted_keys builtin kernel signer > .secondary_trusted_keys secondary builtin & (new in 5.18) machine > .ima ima builtin & secondary > .platform platform firmware, SB, MOK > .machine machine MOK, management system > > In simplified story form, hardware keys authorize secure boot keys, > which authorize the bootloader, which authorizes whoever signs > the kernel, who authorizes the builtin keys, which (along with > the machine keys) authorize the secondary keys, which > (along with builtin) authorize the ima keys. > > The firmware, secure boot keys, or machine owner keys (MOK) > authorize the platform keys. MOK or a management system > authorizes the machine keys. > There is a case where the platform manufacturer is also the machine ower. Is it possible that they use keys in db as mok? On the other hand, why kernel only allows keys in db for kexec? Is it because UEFI spec says db is the signature store only for secure boot? Thanks a lot! Joey Lee
