[PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification
Mimi Zohar
zohar at linux.ibm.com
Tue Feb 15 20:08:18 UTC 2022
[Cc'ing Eric Snowberg]
Hi Michal,
On Tue, 2022-02-15 at 20:39 +0100, Michal Suchanek wrote:
> Commit 278311e417be ("kexec, KEYS: Make use of platform keyring for signature verify")
> adds support for use of platform keyring in kexec verification but
> support for modules is missing.
>
> Add support for verification of modules with keys from platform keyring
> as well.
Permission for loading the pre-OS keys onto the "platform" keyring and
using them is limited to verifying the kexec kernel image, nothing
else.
FYI, Eric Snowberg's initial patch set titled "[PATCH v10 0/8] Enroll
kernel keys thru MOK" is queued in Jarkko's git repo to be usptreamed.
A subsequent patch set is expected.
--
thanks,
Mimi
[1] Message-Id: <20211124044124.998170-11-eric.snowberg at oracle.com>
More information about the Linux-security-module-archive
mailing list