From: Jarkko Sakkinen <jarkko@kernel.org>
To: Eric Snowberg <eric.snowberg@oracle.com>
Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
dhowells@redhat.com, dwmw2@infradead.org,
dmitry.kasatkin@gmail.com, jmorris@namei.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, zohar@linux.ibm.com,
torvalds@linux-foundation.org, serge@hallyn.com,
James.Bottomley@hansenpartnership.com, pjones@redhat.com,
glin@suse.com
Subject: Re: [RFC PATCH 1/3] keys: Add ability to trust the platform keyring
Date: Thu, 20 May 2021 18:59:49 +0300 [thread overview]
Message-ID: <YKaHdWkXfk4DwqwR@kernel.org> (raw)
In-Reply-To: <20210517225714.498032-2-eric.snowberg@oracle.com>
On Mon, May 17, 2021 at 06:57:12PM -0400, Eric Snowberg wrote:
> Add the ability to allow the secondary_trusted keyring to trust
> keys in the platform keyring. This is done by doing a key_link
What this looks for me doing is to *replace* the secondary
trusted keyring with the platform keyring.
So this should be "Add ability to replace the secondary trusted
keyring with the platform keyring." This is what the code change
is actually doing so it would be nice to say it out loud.
> of the platform_trusted_keys to the secondary_trusted_keys.
> After they are linked, the platform_trusted_keys can be used for
> validation instead of the secondary_trusted_keys if the user
> chooses. This functionality will be used in a follow on patch.
>
> Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
/Jarkko
next prev parent reply other threads:[~2021-05-20 15:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 22:57 [RFC PATCH 0/3] Add additional MOK vars Eric Snowberg
2021-05-17 22:57 ` [RFC PATCH 1/3] keys: Add ability to trust the platform keyring Eric Snowberg
2021-05-20 15:59 ` Jarkko Sakkinen [this message]
2021-05-17 22:57 ` [RFC PATCH 2/3] keys: Trust platform keyring if MokTrustPlatform found Eric Snowberg
2021-05-17 22:57 ` [RFC PATCH 3/3] ima: Enable IMA SB Policy if MokIMAPolicy found Eric Snowberg
2021-05-19 7:55 ` [RFC PATCH 0/3] Add additional MOK vars Jarkko Sakkinen
2021-05-19 14:32 ` Mimi Zohar
2021-05-19 22:04 ` Eric Snowberg
2021-05-20 12:22 ` Mimi Zohar
2021-05-20 20:37 ` Eric Snowberg
2021-05-21 11:44 ` Mimi Zohar
2021-05-24 0:57 ` Eric Snowberg
2021-05-24 11:12 ` Mimi Zohar
2021-06-01 15:24 ` Eric Snowberg
2021-05-24 10:09 ` Dr. Greg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YKaHdWkXfk4DwqwR@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=eric.snowberg@oracle.com \
--cc=glin@suse.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pjones@redhat.com \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).