On Fri, 2016-03-04 at 15:01 +0000, David Howells wrote: > Add a secondary system keyring that can be added to by root whilst the > system is running - provided the key being added is vouched for by a key > built into the kernel or already added to the secondary keyring. > > Rename .system_keyring to .builtin_trusted_keys to distinguish it more > obviously from the new keyring (called .secondary_trusted_keys).
Renaming of the system_trusted_keyring to builtin_trusted_keys is fine, but we're left with a lot of references to "system_trusted" (eg. restrict_link_to_system_trusted, depends on SYSTEM_TRUSTED_KEYRING, the subsequent patch description and Kconfig use "system trusted keyrings", etc). Without changing these references, I'm not convinced this is an improvement. Mimi > The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING. > > If the secondary keyring is enabled, a link is created from that to > .builtin_trusted_keys so that the the latter will automatically be searched > too if the secondary keyring is searched. > > Signed-off-by: David Howells <dhowe...@redhat.com>
