Re: [PATCH] KEYS: Make use of platform keyring for module signature verification

From: Luis Chamberlain
Date: Fri Mar 31 2023 - 16:02:36 EST

Next message: Axel Rasmussen: "Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized features""
Previous message: Frank Rowand: "Re: [KTAP V2 PATCH] ktap_v2: add recognized test name line"
In reply to: Ahelenia Ziemiańska: "[PATCH] KEYS: Make use of platform keyring for module signature verification"
Next in thread: Ahelenia Ziemiańska: "Re: [PATCH] KEYS: Make use of platform keyring for module signature verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 31, 2023 at 04:30:21PM +0200, Ahelenia Ziemiańska wrote:
> This allows a cert in DB to be used to sign modules,
> in addition to certs in the MoK and built-in keyrings.
>
> This key policy matches what's used for kexec.
>
> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx>

Before I nose dive, the commit log should explain why this patch never
was sent upstream, if it was, why it was rejected. What makes it good now?

Who is using it? What are other distributions doing about it?

Luis

Next message: Axel Rasmussen: "Re: [PATCH 01/29] Revert "userfaultfd: don't fail on unrecognized features""
Previous message: Frank Rowand: "Re: [KTAP V2 PATCH] ktap_v2: add recognized test name line"
In reply to: Ahelenia Ziemiańska: "[PATCH] KEYS: Make use of platform keyring for module signature verification"
Next in thread: Ahelenia Ziemiańska: "Re: [PATCH] KEYS: Make use of platform keyring for module signature verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]