Re: [PATCH RFC 05/12] integrity: Introduce mok keyring

From: Eric Snowberg
Date: Wed Jul 07 2021 - 18:33:02 EST



> On Jul 7, 2021, at 3:26 PM, Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote:
>
> On Wed, Jul 07, 2021 at 12:31:23PM -0700, Linus Torvalds wrote:
>> On Tue, Jul 6, 2021 at 7:45 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:
>>>
>>> Introduce a new keyring called mok. This keyring will be used during
>>> boot. Afterwards it will be destroyed.
>>
>> Already discussed elsewhere, but yeah, when using TLA's, unless they
>> are universally understood (like "CPU" or "TLB" or whatever), please
>> spell them out somewhere for people who don't have the background.
>>
>> I saw that you said elsewhere that MOK is "Machine Owner Key", but
>> please let's just have that in the sources and commit messages at
>> least for the original new code cases.
>>
>> Maybe it becomes obvious over time as there is more history to the
>> code, but when you literally introduce a new concept, please spell it
>> out.
>>
>> Linus
>>
> I'd suggest for the short summary:
>
> "integrity: Introduce a Linux keyring for the Machine Owner Key (MOK)"
>
> Given that "keyring" is such a saturated and ambiguous word, and this not a
> subsystem patch for keyring itself, it should be explicit what is meant by
> a keyring.

If we can go in this direction, I will update the heading as Jarkko has
suggested in a follow on series. I will also include a better summary in
this patch, along with a MOK explanation at the beginning. Thanks.