From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@intel.com>,
jmorris@namei.org, linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC 0/1] ima/evm: signature verification support using asymmetric keys
Date: Fri, 18 Jan 2013 10:16:38 -0500 [thread overview]
Message-ID: <1358522198.26115.6.camel@falcor1.watson.ibm.com> (raw)
In-Reply-To: <27882.1358445829@warthog.procyon.org.uk>
On Thu, 2013-01-17 at 18:03 +0000, David Howells wrote:
> I would also like to have a look at altering your trusted key type[*] to be a
> subtype of asymmetric keys so that the asymmetric key type can cover keys from
> more sources:
>
> - Compiled-in keys.
> - Keys from UEFI db.
> - Keys from TPM (ie. the trusted key stuff).
> - Keys loaded by the administrator _if_ they are validated by a key the
> kernel already has.
>
> [*] I believe that that's your asymmetric key type and that your encrypted key
> type is your symmetric key type.
Both trusted and encrypted keys are random number symmetric keys.
Trusted keys are random number symmetric keys, generated and RSA-sealed
by the TPM.
Mimi
prev parent reply other threads:[~2013-01-18 15:17 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-15 10:34 [RFC 0/1] ima/evm: signature verification support using asymmetric keys Dmitry Kasatkin
2013-01-15 10:34 ` [RFC 1/1] ima: digital signature verification " Dmitry Kasatkin
2013-01-22 22:53 ` Mimi Zohar
2013-01-23 9:03 ` Kasatkin, Dmitry
2013-01-25 21:01 ` Vivek Goyal
2013-01-28 14:54 ` Kasatkin, Dmitry
2013-01-28 15:15 ` Vivek Goyal
2013-01-28 15:20 ` Kasatkin, Dmitry
2013-01-28 18:52 ` Vivek Goyal
2013-01-28 19:51 ` Mimi Zohar
2013-01-28 20:13 ` Vivek Goyal
2013-01-29 0:14 ` Mimi Zohar
2013-01-29 16:30 ` Vivek Goyal
2013-01-29 8:53 ` Kasatkin, Dmitry
2013-01-29 8:48 ` Kasatkin, Dmitry
2013-01-29 18:39 ` Vivek Goyal
2013-01-28 18:56 ` Vivek Goyal
2013-01-28 20:15 ` Mimi Zohar
2013-01-28 20:22 ` Vivek Goyal
2013-01-29 1:48 ` Mimi Zohar
2013-01-29 16:58 ` Vivek Goyal
2013-01-30 6:32 ` Matthew Garrett
2013-01-30 22:22 ` Mimi Zohar
2013-01-29 18:20 ` Vivek Goyal
2013-01-29 20:01 ` Mimi Zohar
2013-01-29 20:10 ` Vivek Goyal
2013-01-29 22:26 ` Mimi Zohar
2013-01-16 19:45 ` [RFC 0/1] ima/evm: signature verification support " Mimi Zohar
2013-01-17 17:52 ` [RFC 1/1] ima: digital signature verification " David Howells
2013-01-17 18:00 ` Kasatkin, Dmitry
2013-01-17 18:03 ` [RFC 0/1] ima/evm: signature verification support " David Howells
2013-01-18 15:16 ` Mimi Zohar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1358522198.26115.6.camel@falcor1.watson.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@intel.com \
--cc=jmorris@namei.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).