On Fri, 2016-04-01 at 15:33 +0100, David Howells wrote: > Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > > > The only place where "KEY_ALLOC_BYPASS_RESTRICTION" is specified is in > > load_system_certificate_list(), when adding keys to > > the .builtin_trusted_keys keyring. There is no other set of keys > > builtin and added to the IMA keyring. > > Are the keys loaded by integrity_load_x509() required to be validly signed by > the builtin/secondary keys? Or is that unnecessary given that they are loaded > and thus protected through integrity_read_file()?
Loading keys on the IMA keyring is safe, because the certificates must be signed by a key on the builtin keyring or the secondary keyring, if it is Kconfig enabled. Mimi
