[PATCH v2 5/5] ima: enable loading of build time generated key on .ima keyring

Stefan Berger stefanb at linux.ibm.com
Fri Feb 19 14:59:08 UTC 2021


On 2/18/21 5:00 PM, Nayna Jain wrote:
> The kernel currently only loads the kernel module signing key onto
> the builtin trusted keyring. To support IMA, load the module signing
> key selectively either onto the builtin or IMA keyring based on MODULE_SIG
> or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel
> key onto the builtin trusted keyring.
>
> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>


Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>




More information about the Linux-security-module-archive mailing list