Re: [PATCH v2 0/3] KEYS: validate certificate trust with selected owner or builtin key

From: Mimi Zohar
Date: Tue Jun 17 2014 - 08:20:45 EST

Next message: Alex Williamson: "Re: [PATCH v2] iommu/intel: Exclude devices using RMRRs from IOMMU API domains"
Previous message: Wolfram Sang: "Re: I2C Slave monitor mode support"
In reply to: Dmitry Kasatkin: "[PATCH v2 2/3] KEYS: validate certificate trust only with selected owner key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2014-06-17 at 11:56 +0300, Dmitry Kasatkin wrote:
> Instead of allowing public keys, with certificates signed by any key on
> the system trusted keyring, to be added to a trusted keyring, this patch
> set further restricts the certificates to those signed by a particular key
> or builtin keys on the system keyring.
>
> This patch defines a new kernel parameter 'keys_ownerid={id: | builtin}'
> to use specific key or any builtin key.
>
> Changes to v1:
> * key id matching code from asymmetric_type.c is reused in the patch

Nice! The first two we'll upstream, but defer the builtin patch until
the UEFI key patches are upstreamed.

thanks,

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alex Williamson: "Re: [PATCH v2] iommu/intel: Exclude devices using RMRRs from IOMMU API domains"
Previous message: Wolfram Sang: "Re: I2C Slave monitor mode support"
In reply to: Dmitry Kasatkin: "[PATCH v2 2/3] KEYS: validate certificate trust only with selected owner key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]