Re: [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok [ver #3]
From: Mimi Zohar
Date: Fri Apr 01 2016 - 12:51:16 EST
On Fri, 2016-04-01 at 15:33 +0100, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
> > The only place where "KEY_ALLOC_BYPASS_RESTRICTION" is specified is in
> > load_system_certificate_list(), when adding keys to
> > the .builtin_trusted_keys keyring. There is no other set of keys
> > builtin and added to the IMA keyring.
>
> Are the keys loaded by integrity_load_x509() required to be validly signed by
> the builtin/secondary keys? Or is that unnecessary given that they are loaded
> and thus protected through integrity_read_file()?
Loading keys on the IMA keyring is safe, because the certificates must
be signed by a key on the builtin keyring or the secondary keyring, if
it is Kconfig enabled.
Mimi