Re: [PATCH v1] dm verity: Add support for signature verification with 2nd keyring

From: Jarkko Sakkinen
Date: Mon Oct 12 2020 - 19:55:10 EST

Next message: Finn Thain: "Re: [PATCH v3] qla2xxx: Return EBUSY on fcport deletion"
Previous message: Paul E. McKenney: "Re: [GIT PULL] RCU changes for v5.10"
In reply to: Mickaël Salaün: "Re: [PATCH v1] dm verity: Add support for signature verification with 2nd keyring"
Next in thread: Mickaël Salaün: "Re: [PATCH v1] dm verity: Add support for signature verification with 2nd keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 09, 2020 at 11:50:03AM +0200, Mickaël Salaün wrote:
> Hi,
>
> What do you think about this patch?
>
> Regards,
> Mickaël
>
> On 02/10/2020 09:18, Mickaël Salaün wrote:
> > From: Mickaël Salaün <mic@xxxxxxxxxxxxxxxxxxx>
> >
> > Add a new DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING configuration
> > to enable dm-verity signatures to be verified against the secondary
> > trusted keyring. This allows certificate updates without kernel update
> > and reboot, aligning with module and kernel (kexec) signature
> > verifications.

I'd prefer a bit more verbose phrasing, not least because I have never
really even peeked at dm-verity, but it is also a good practice.

You have the middle part of the story missing - explaining the semantics
of how the feature leads to the aimed solution.

/Jarkko

Next message: Finn Thain: "Re: [PATCH v3] qla2xxx: Return EBUSY on fcport deletion"
Previous message: Paul E. McKenney: "Re: [GIT PULL] RCU changes for v5.10"
In reply to: Mickaël Salaün: "Re: [PATCH v1] dm verity: Add support for signature verification with 2nd keyring"
Next in thread: Mickaël Salaün: "Re: [PATCH v1] dm verity: Add support for signature verification with 2nd keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]