Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings

From: Mimi Zohar
Date: Mon Jan 11 2016 - 21:44:49 EST

Next message: Josh Triplett: "Re: [RFC PATCH 0/3] Implement getcpu_cache system call"
Previous message: Laxman Dewangan: "Re: [rtc-linux] [PATCH 5/6] rtc: max77620: add support for max77620/max20024 RTC driver"
In reply to: David Howells: "Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings"
Next in thread: David Howells: "Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2016-01-12 at 00:38 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > Back in November, Mehmet Kayaalp posted a patch for safely adding
> > additional keys to the system keyring post build and a tool for
> > re-signing the kernel.
> >
> > https://www.mail-archive.com/linux-security-module@xxxxxxxxxxxxxxx/msg03679.html
>
> That's irrelevant to this particular discussion.

Not really. The discussion centers around the system keyring and the
origin of the keys on it. These patches safely allow additional keys to
be added post-build to the system keyring.

> And, yes, I should deal with
> his patch.

Thank you.

Mimi

Next message: Josh Triplett: "Re: [RFC PATCH 0/3] Implement getcpu_cache system call"
Previous message: Laxman Dewangan: "Re: [rtc-linux] [PATCH 5/6] rtc: max77620: add support for max77620/max20024 RTC driver"
In reply to: David Howells: "Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings"
Next in thread: David Howells: "Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]