Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification

(off-list ancestor, not in this archive)
[PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchanek <hidden> · 2022-02-15
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-15
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-02-15
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-15
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-02-16
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-02-16
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Mimi Zohar <zohar@linux.ibm.com> · 2022-02-16
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-02-16
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Luis Chamberlain <mcgrof@kernel.org> · 2022-03-22
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-22
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · joeyli <jlee@suse.com> · 2022-03-28
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Mimi Zohar <zohar@linux.ibm.com> · 2022-03-28
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-03-28
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Eric Snowberg <eric.snowberg@oracle.com> · 2022-03-28
Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification · Michal Suchánek <hidden> · 2022-03-28

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2022-02-15 20:09:07
Also in: keyrings, linux-arm-kernel, linux-modules, linux-s390, lkml

[Cc'ing Eric Snowberg]

Hi Michal,

On Tue, 2022-02-15 at 20:39 +0100, Michal Suchanek wrote:

Commit 278311e417be ("kexec, KEYS: Make use of platform keyring for signature verify")
adds support for use of platform keyring in kexec verification but
support for modules is missing.

Add support for verification of modules with keys from platform keyring
as well.

Permission for loading the pre-OS keys onto the "platform" keyring and
using them is limited to verifying the kexec kernel image, nothing
else.

FYI, Eric Snowberg's initial patch set titled "[PATCH v10 0/8] Enroll
kernel keys thru MOK" is queued in Jarkko's git repo to be usptreamed. 
A subsequent patch set is expected.

-- 
thanks,

Mimi

[1] Message-Id: [ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help