Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-03 Thread Mimi Zohar
On Mon, 2014-06-02 at 07:55 -0400, Josh Boyer wrote: > On Mon, Jun 02, 2014 at 02:40:28PM +0300, Dmitry Kasatkin wrote: > > On 2 June 2014 14:33, Mimi Zohar wrote: > > > On Mon, 2014-06-02 at 13:48 +0300, Dmitry Kasatkin wrote: > > >> On 1 June 2014 05:14, Mimi Zohar wrote: > > > Currently only

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-02 Thread Josh Boyer
On Mon, Jun 02, 2014 at 02:40:28PM +0300, Dmitry Kasatkin wrote: > On 2 June 2014 14:33, Mimi Zohar wrote: > > On Mon, 2014-06-02 at 13:48 +0300, Dmitry Kasatkin wrote: > >> On 1 June 2014 05:14, Mimi Zohar wrote: > >> > On Sat, 2014-05-31 at 01:37 +0300, Dmitry Kasatkin wrote: > >> >> On 28 May

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-02 Thread Mimi Zohar
On Mon, 2014-06-02 at 14:40 +0300, Dmitry Kasatkin wrote: > On 2 June 2014 14:33, Mimi Zohar wrote: > > On Mon, 2014-06-02 at 13:48 +0300, Dmitry Kasatkin wrote: > > Currently only the builtin keys are on the system keyring, but once > > David and Josh's UEFI patches are upstreamed, the UEFI key

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-02 Thread Dmitry Kasatkin
On 2 June 2014 14:33, Mimi Zohar wrote: > On Mon, 2014-06-02 at 13:48 +0300, Dmitry Kasatkin wrote: >> On 1 June 2014 05:14, Mimi Zohar wrote: >> > On Sat, 2014-05-31 at 01:37 +0300, Dmitry Kasatkin wrote: >> >> On 28 May 2014 18:09, Mimi Zohar wrote: >> >> > (UEFI) secure boot provides a signat

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-02 Thread Mimi Zohar
On Mon, 2014-06-02 at 13:48 +0300, Dmitry Kasatkin wrote: > On 1 June 2014 05:14, Mimi Zohar wrote: > > On Sat, 2014-05-31 at 01:37 +0300, Dmitry Kasatkin wrote: > >> On 28 May 2014 18:09, Mimi Zohar wrote: > >> > (UEFI) secure boot provides a signature chain of trust rooted in > >> > hardware.

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-06-02 Thread Dmitry Kasatkin
On 1 June 2014 05:14, Mimi Zohar wrote: > On Sat, 2014-05-31 at 01:37 +0300, Dmitry Kasatkin wrote: >> On 28 May 2014 18:09, Mimi Zohar wrote: >> > (UEFI) secure boot provides a signature chain of trust rooted in >> > hardware. The signature chain of trust includes the Machine Owner >> > Keys(MOK

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-05-31 Thread Mimi Zohar
On Sat, 2014-05-31 at 01:37 +0300, Dmitry Kasatkin wrote: > On 28 May 2014 18:09, Mimi Zohar wrote: > > (UEFI) secure boot provides a signature chain of trust rooted in > > hardware. The signature chain of trust includes the Machine Owner > > Keys (MOKs), which cannot be modified without physical

Re: [RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-05-30 Thread Dmitry Kasatkin
On 28 May 2014 18:09, Mimi Zohar wrote: > (UEFI) secure boot provides a signature chain of trust rooted in > hardware. The signature chain of trust includes the Machine Owner > Keys (MOKs), which cannot be modified without physical presence. > > Instead of allowing public keys, with certificates si

[RFC PATCH v4 4/4] KEYS: define an owner trusted keyring

2014-05-28 Thread Mimi Zohar
(UEFI) secure boot provides a signature chain of trust rooted in hardware. The signature chain of trust includes the Machine Owner Keys (MOKs), which cannot be modified without physical presence. Instead of allowing public keys, with certificates signed by any key on the system trusted keyring, to