Re: [PATCH v2 0/3] KEYS: validate certificate trust with selected owner or builtin key

From: Mimi Zohar
Date: Tue Jun 17 2014 - 08:20:45 EST


On Tue, 2014-06-17 at 11:56 +0300, Dmitry Kasatkin wrote:
> Instead of allowing public keys, with certificates signed by any key on
> the system trusted keyring, to be added to a trusted keyring, this patch
> set further restricts the certificates to those signed by a particular key
> or builtin keys on the system keyring.
>
> This patch defines a new kernel parameter 'keys_ownerid={id: | builtin}'
> to use a specific key or any builtin key.
>
> Changes to v1:
> * key id matching code from asymmetric_type.c is reused in the patch

Nice! The first two we'll upstream, but defer the builtin patch until
the UEFI key patches are upstreamed.

thanks,

Mimi
