[PATCH RFC 00/12] Enroll kernel keys thru MOK
Mimi Zohar
zohar at linux.ibm.com
Fri Jul 9 01:10:47 UTC 2021
On Thu, 2021-07-08 at 17:17 -0600, Eric Snowberg wrote:
> > Once all the CA keys in the MOK db are loaded onto the MOK keyring,
>
> To avoid confusion with the new keyring name, would it be more appropriate
> to change what we are calling the .mok keyring to the .trusted_platform
> keyring instead? Or just leave it as .mok?
Definitely not ".trusted_platform" keyring, as it would be too
confusing with the existing "trusted" key type [1]. At least for now,
leave it as ".mok".
thanks,
Mimi
[1] Documentation/security/keys/trusted-encrypted.rst
More information about the Linux-security-module-archive
mailing list