Thread (41 messages) 41 messages, 4 authors, 2021-11-19

Re: [PATCH v7 12/17] KEYS: integrity: change link restriction to trust the machine keyring

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-11-19 00:23:58
Also in: keyrings, linux-crypto, linux-efi, linux-integrity, lkml 

On Mon, 2021-11-15 at 19:15 -0500, Eric Snowberg wrote:
With the introduction of the machine keyring, the end-user may choose to
trust Machine Owner Keys (MOK) within the kernel. If they have chosen to
trust them, the .machine keyring will contain these keys.  If not, the
machine keyring will always be empty.  Update the restriction check to
allow the secondary trusted keyring and ima keyring to also trust
machine keys.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help