Re: [PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring

From: Stefan Berger
Date: Fri Feb 19 2021 - 10:00:15 EST


On 2/18/21 5:00 PM, Nayna Jain wrote:
The kernel currently only loads the kernel module signing key onto
the builtin trusted keyring. To support IMA, load the module signing
key selectively either onto the builtin or IMA keyring based on MODULE_SIG
or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel
key onto the builtin trusted keyring.

Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>


Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>