Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]

From: David Howells
Date: Fri Apr 01 2016 - 10:06:51 EST


David Howells <dhowells@xxxxxxxxxx> wrote:

> The three choice options I implemented don't exactly provide new features.
> Firstly:
>
> config IMA_LOAD_X509
>
> allow keys to be loaded in at compile time,

Ah - I think I'm labouring under a slight misapprehension here. IMA_LOAD_X509
doesn't load keys at compile time, but rather the kernel loads a file by name
when booting, right?

David