Re: [RFC PATCH 00/15] KEYS: Restrict additions to 'trusted' keyrings
From: Mimi Zohar
Date: Mon Jan 11 2016 - 21:44:49 EST
On Tue, 2016-01-12 at 00:38 +0000, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> > Back in November, Mehmet Kayaalp posted a patch for safely adding
> > additional keys to the system keyring post build and a tool for
> > re-signing the kernel.
> > https://www.mail-archive.com/linux-security-module@xxxxxxxxxxxxxxx/msg03679.html
> That's irrelevant to this particular discussion.
Not really. The discussion centers around the system keyring and the
origin of the keys on it. These patches safely allow additional keys to
be added post-build to the system keyring.
> And, yes, I should deal with
> his patch.