Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only

From: Mimi Zohar
Date: Wed Jun 11 2014 - 08:30:36 EST

Next message: Tejun Heo: "Re: [PATCH 2/2] memcg: Allow hard guarantee mode for low limit reclaim"
Previous message: Al Viro: "Re: Linux 3.15 .. and continuation of merge window"
In reply to: Matthew Garrett: "Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only"
Next in thread: Matthew Garrett: "Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2014-06-11 at 04:23 +0100, Matthew Garrett wrote:
> Yes. Wouldn't having a mechanism to allow userspace to drop keys that
> have otherwise been imported be a generally useful solution to the issue
> you have with that?

There are issues removing a key from both the local system(eg. cache,
running apps) and the attestation server (eg. ima-sig template
verification) perspectives. We would need to address these concerns
before supporting key removal.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tejun Heo: "Re: [PATCH 2/2] memcg: Allow hard guarantee mode for low limit reclaim"
Previous message: Al Viro: "Re: Linux 3.15 .. and continuation of merge window"
In reply to: Matthew Garrett: "Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only"
Next in thread: Matthew Garrett: "Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]