On Tue, 2014-06-17 at 11:56 +0300, Dmitry Kasatkin wrote:
> Instead of allowing public keys, with certificates signed by any key on
> the system trusted keyring, to be added to a trusted keyring, this patch
> set further restricts the certificates to those signed by a particular key
> or builtin keys on the system keyring.
>
> This patch defines a new kernel parameter 'keys_ownerid={id: | builtin}'
> to use specific key or any builtin key.
>
> Changes to v1:
> * key id matching code from asymmetric_type.c is reused in the patch

Nice! The first two we'll upstream, but defer the builtin patch until the UEFI key patches are upstreamed.

thanks,

Mimi