Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> Not all keys can be 'refetched'. A trusted key, sealed to a PCR, can
> extend the PCR to prevent it from being re-loaded. Removing the trusted
> key could prevent the instantiation/update of encrypted keys.

I meant discard and set up a new struct key, not actually invalidate any
real key store.

Is this actually a problem? If it is, I can certainly add a flag to
prevent struct keys from being invalidated; but that doesn't stop them
from being unlinked or revoked.

David