Thread (33 messages) 33 messages, 5 authors, 2021-09-02

Re: [PATCH v4 00/12] Enroll kernel keys thru MOK

From: Jarkko Sakkinen <jarkko@kernel.org>
Date: 2021-08-25 22:21:46
Also in: keyrings, linux-crypto, linux-integrity, lkml

On Tue, 2021-08-24 at 10:34 -0400, Mimi Zohar wrote:
quoted
quoted
quoted
Jarkko, I think the emphasis should not be on "machine" from Machine
Owner Key (MOK), but on "owner".  Whereas Nayna is focusing more on the
"_ca" aspect of the name.   Perhaps consider naming it
"system_owner_ca" or something along those lines.
What do you gain such overly long identifier? Makes no sense. What
is "ca aspect of the name" anyway?
As I mentioned previously, the main usage of this new keyring is that it 
should contain only CA keys which can be later used to vouch for user 
keys loaded onto secondary or IMA keyring at runtime. Having ca in the 
name like .xxxx_ca, would make the keyring name self-describing. Since 
you preferred .system, we can call it .system_ca.
Sounds good to me.  Jarkko?

thanks,

Mimi
I just wonder what you exactly gain with "_ca"?

/Jarkko
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help