Re: [GIT PULL] Load keys from signed PE binaries

From: Matthew Garrett
Date: Wed Feb 27 2013 - 07:43:44 EST

Next message: Markus Trippelsdorf: "Re: [GIT PULL] ext4 updates for 3.9"
Previous message: Don Morris: "Re: sched: CPU #1's llc-sibling CPU #0 is not on the same node!"
In reply to: Geert Uytterhoeven: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 27, 2013 at 01:32:30PM +0100, Geert Uytterhoeven wrote:

> So revocation will only be done by the guest OS?
> I.e. if I only boot my own trusted Linux, even if it's signed with the MS key,
> the MS key _on my system_ will never be revoked?

As long as you never apply any updates that will revoke that key.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Markus Trippelsdorf: "Re: [GIT PULL] ext4 updates for 3.9"
Previous message: Don Morris: "Re: sched: CPU #1's llc-sibling CPU #0 is not on the same node!"
In reply to: Geert Uytterhoeven: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]