[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 09 Sep 2021 16:58:52 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Eric Snowberg <eric.snowberg@...cle.com>, keyrings@...r.kernel.org,
linux-integrity@...r.kernel.org, zohar@...ux.ibm.com,
dhowells@...hat.com, dwmw2@...radead.org,
herbert@...dor.apana.org.au, davem@...emloft.net,
jmorris@...ei.org, serge@...lyn.com
Cc: keescook@...omium.org, gregkh@...uxfoundation.org,
torvalds@...ux-foundation.org, scott.branden@...adcom.com,
weiyongjun1@...wei.com, nayna@...ux.ibm.com, ebiggers@...gle.com,
ardb@...nel.org, nramas@...ux.microsoft.com, lszubowi@...hat.com,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
James.Bottomley@...senPartnership.com, pjones@...hat.com,
konrad.wilk@...cle.com
Subject: Re: [PATCH v5 12/12] integrity: Only use machine keyring when
uefi_check_trust_mok_keys is true
On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote:
> With the introduction of uefi_check_trust_mok_keys, it signifies the end-
> user wants to trust the machine keyring as trusted keys. If they have
> chosen to trust the machine keyring, load the qualifying keys into it
> during boot, then link it to the secondary keyring . If the user has not
> chosen to trust the machine keyring, it will be empty and not linked to
> the secondary keyring.
>
> Signed-off-by: Eric Snowberg <eric.snowberg@...cle.com>
I would not worry too much applying the code changes if the story
part made sense (to *almost anyone*) in the cover letter.
/Jarkko
Powered by blists - more mailing lists