Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring

From: Mimi Zohar
Date: Thu Feb 18 2021 - 18:03:22 EST

Next message: Peter Xu: "Re: [PATCH v3 1/4] hugetlb: Pass vma into huge_pte_alloc() and huge_pmd_share()"
Previous message: Stephen Boyd: "Re: [PATCH v2 2/2] drm/msm/dp: add supported max link rate specified from dtsi"
In reply to: Nayna Jain: "[PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Next in thread: Stefan Berger: "Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2021-02-18 at 17:00 -0500, Nayna Jain wrote:
> The kernel currently only loads the kernel module signing key onto
> the builtin trusted keyring. To support IMA, load the module signing
> key selectively either onto the builtin or IMA keyring based on MODULE_SIG
> or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel
> key onto the builtin trusted keyring.
>
> Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>

Always having a CA key would simplify the code. Otherwise for the
patch set,

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Next message: Peter Xu: "Re: [PATCH v3 1/4] hugetlb: Pass vma into huge_pte_alloc() and huge_pmd_share()"
Previous message: Stephen Boyd: "Re: [PATCH v2 2/2] drm/msm/dp: add supported max link rate specified from dtsi"
In reply to: Nayna Jain: "[PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Next in thread: Stefan Berger: "Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]