Re: [PATCH 0/4] KEYS: validate key trust with owner and builtin keys only
From: Mimi Zohar
Date: Wed Jun 11 2014 - 08:30:36 EST
On Wed, 2014-06-11 at 04:23 +0100, Matthew Garrett wrote:
> Yes. Wouldn't having a mechanism to allow userspace to drop keys that
> have otherwise been imported be a generally useful solution to the issue
> you have with that?
There are issues removing a key from both the local system(eg. cache,
running apps) and the attestation server (eg. ima-sig template
verification) perspectives. We would need to address these concerns
before supporting key removal.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/