Re: [GIT PULL] integrity subsystem updates for v5.13

From: Mimi Zohar
Date: Sun May 02 2021 - 00:27:56 EST


On Sat, 2021-05-01 at 15:49 -0700, Linus Torvalds wrote:
> On Wed, Apr 28, 2021 at 6:47 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >
> > In addition to loading the kernel module signing key onto the builtin
> > keyring, load it onto the IMA keyring as well.
>
> This clashed pretty badly with the other cert changes.
>
> I think the end result looks nice and clean (the cert updates mesh
> well with the _intention_ of your code, just not with the
> implementation), but you should really double-check that I didn't mess
> anything up in the merge and whatever test-case you have for IMA still
> works.
>
> I only verified that the kernel module signing key still works for
> modules - no IMA test-case.

I'm really sorry I forgot to mention in the pull request that Stephen
was carrying a merge conflict fix. Everything looks good. I tested
it, making sure that the kernel module signing key is loaded onto the
builtin and/or IMA keyrings properly.

thanks,

Mimi