Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring

From: Stefan Berger
Date: Fri Feb 19 2021 - 10:00:15 EST

Next message: Borislav Petkov: "Re: [PATCH v3 11/21] x86/fpu/xstate: Update xstate buffer address finder to support dynamic xstate"
Previous message: Kalle Valo: "Re: linux-next: build warnings after merge of the net-next tree"
In reply to: Mimi Zohar: "Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Next in thread: Nayna Jain: "[PATCH v2 4/5] keys: define build time generated ephemeral kernel CA key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/18/21 5:00 PM, Nayna Jain wrote:

The kernel currently only loads the kernel module signing key onto
the builtin trusted keyring. To support IMA, load the module signing
key selectively either onto the builtin or IMA keyring based on MODULE_SIG
or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel
key onto the builtin trusted keyring.

Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>

Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Next message: Borislav Petkov: "Re: [PATCH v3 11/21] x86/fpu/xstate: Update xstate buffer address finder to support dynamic xstate"
Previous message: Kalle Valo: "Re: linux-next: build warnings after merge of the net-next tree"
In reply to: Mimi Zohar: "Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring"
Next in thread: Nayna Jain: "[PATCH v2 4/5] keys: define build time generated ephemeral kernel CA key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]