On Thu, 2011-12-15 at 13:14 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > Not all keys can be 'refetched'. A trusted key, sealed to a PCR, can
> > extend the PCR to prevent it from being re-loaded. Removing the trusted
> > key could prevent the instantiation/update of encrypted keys.
>
> I meant discard and set up a new struct key not actually invalidate any real
> key store. Is this actually a problem? If it is, I can certainly add a flag
> to prevent struct keys from being invalidated; but that doesn't stop them from
> being unlinked or revoked.
>
> David

We discussed it here and don't think it should be a problem.

thanks,

Mimi