Re: [PATCH RFC 00/12] Enroll kernel keys thru MOK
From: Mimi Zohar
Date: Thu Jul 08 2021 - 21:11:46 EST
On Thu, 2021-07-08 at 17:17 -0600, Eric Snowberg wrote:
> > Once all the CA keys in the MOK db are loaded onto the MOK keyring,
>
> To avoid confusion with the new keyring name, would it be more appropriate
> to change what we are calling the .mok keyring to the .trusted_platform
> keyring instead? Or just leave it as .mok?
Definitely not ".trusted_platform" keyring, as it would be too
confusing with the existing "trusted" key type [1]. At least for now,
leave it as ".mok".
thanks,
Mimi
[1] Documentation/security/keys/trusted-encrypted.rst