Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]

From: Mimi Zohar
Date: Fri Apr 01 2016 - 12:51:16 EST

Next message: Alison Schofield: "[PATCH] staging: iio: ad7606: use iio_device_{claim|release}_direct_mode()"
Previous message: Mark Rutland: "Re: [RFC][PATCH 1/2] dt/bindings: display: Add DT bindings for Mali Display Processors."
In reply to: David Howells: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2016-04-01 at 15:33 +0100, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > The only place where "KEY_ALLOC_BYPASS_RESTRICTION" is specified is in
> > load_system_certificate_list(), when adding keys to
> > the .builtin_trusted_keys keyring. There is no other set of keys
> > builtin and added to the IMA keyring.
>
> Are the keys loaded by integrity_load_x509() required to be validly signed by
> the builtin/secondary keys? Or is that unnecessary given that they are loaded
> and thus protected through integrity_read_file()?

Loading keys on the IMA keyring is safe, because the certificates must
be signed by a key on the builtin keyring or the secondary keyring, if
it is Kconfig enabled.

Mimi

Next message: Alison Schofield: "[PATCH] staging: iio: ad7606: use iio_device_{claim|release}_direct_mode()"
Previous message: Mark Rutland: "Re: [RFC][PATCH 1/2] dt/bindings: display: Add DT bindings for Mali Display Processors."
In reply to: David Howells: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Next in thread: Mimi Zohar: "Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]