Re: [RFC 0/1] ima/evm: signature verification support usingasymmetric keys

From: Mimi Zohar
Date: Fri Jan 18 2013 - 10:17:23 EST

Next message: Radek Pilar: "Suspend to RAM - freeze & sync"
Previous message: Linus Walleij: "Re: [PATCH 1/7] pinctrl: pinconf-generic: add drive strength parameter"
In reply to: David Howells: "Re: [RFC 0/1] ima/evm: signature verification support using asymmetric keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2013-01-17 at 18:03 +0000, David Howells wrote:

> I would also like to have a look at altering your trusted key type[*] to be a
> subtype of asymmetric keys so that the asymmetric key type can cover keys from
> more sources:
>
> - Compiled-in keys.
> - Keys from UEFI db.
> - Keys from TPM (ie. the trusted key stuff).
> - Keys loaded by the administrator _if_ they are validated by a key the
> kernel already has.
>
> [*] I believe that that's your asymmetric key type and that your encrypted key
> type is your symmetric key type.

Both trusted and encrypted keys are random number symmetric keys.
Trusted keys are random number symmetric keys, generated and RSA-sealed
by the TPM.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Radek Pilar: "Suspend to RAM - freeze & sync"
Previous message: Linus Walleij: "Re: [PATCH 1/7] pinctrl: pinconf-generic: add drive strength parameter"
In reply to: David Howells: "Re: [RFC 0/1] ima/evm: signature verification support using asymmetric keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]