[PATCH v7 12/17] KEYS: integrity: change link restriction to trust the machine keyring
Mimi Zohar
zohar at linux.ibm.com
Fri Nov 19 00:23:26 UTC 2021
On Mon, 2021-11-15 at 19:15 -0500, Eric Snowberg wrote:
> With the introduction of the machine keyring, the end-user may choose to
> trust Machine Owner Keys (MOK) within the kernel. If they have chosen to
> trust them, the .machine keyring will contain these keys. If not, the
> machine keyring will always be empty. Update the restriction check to
> allow the secondary trusted keyring and ima keyring to also trust
> machine keys.
>
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
More information about the Linux-security-module-archive
mailing list