[PATCH v5 12/12] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true

Jarkko Sakkinen jarkko at kernel.org
Thu Sep 9 13:58:52 UTC 2021


On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote:
> With the introduction of uefi_check_trust_mok_keys, it signifies the end-
> user wants to trust the machine keyring as trusted keys.  If they have
> chosen to trust the machine keyring, load the qualifying keys into it
> during boot, then link it to the secondary keyring.  If the user has not
> chosen to trust the machine keyring, it will be empty and not linked to
> the secondary keyring.
> 
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>

I would not worry too much applying the code changes if the story
part made sense (to *almost anyone*) in the cover letter.

/Jarkko


