The original patches extended the secure boot signature chain of trust to IMA-appraisal, by allowing only certificates signed by a 'trusted' key on the system_trusted_keyring to be added to the IMA keyring.
There were a number of issues with the original patch set, including kbuild issues, which have been resolved, and with the special dot prefixed keyrings. The function key_get_type_from_user() verifies that the '_type', not the '_description', is dot prefixed. The previous version added an additional test, but left the existing check in key_get_type_from_user(). This patch set removes the unnecessary dot check.

Previous versions attempted to verify a certificate is signed by a trusted key, but not necessarily by any key on the system_trusted_keyring. The first attempt permitted any key on the targeted trusted keyring to verify a certificate. This introduced concerns of transitive trust. The subsequent attempt defined a separate keyring, associated with each targeted trusted keyring. This patch set defines a single new owner_trusted_keyring.

thanks,

Mimi

Mimi Zohar (4):
  KEYS: special dot prefixed keyring name bug fix
  KEYS: verify a certificate is signed by a 'trusted' key
  ima: define '.ima' as a builtin 'trusted' keyring
  KEYS: define an owner trusted keyring

 crypto/asymmetric_keys/x509_public_key.c | 85 +++++++++++++++++++++++++++++++-
 include/keys/system_keyring.h            | 13 +++++
 include/linux/key.h                      |  4 ++
 kernel/system_keyring.c                  | 85 ++++++++++++++++++++++++++++++++
 security/integrity/digsig.c              | 26 +++++++++-
 security/integrity/ima/Kconfig           |  8 +++
 security/integrity/ima/ima_appraise.c    | 11 +++++
 security/integrity/integrity.h           |  5 ++
 security/keys/key.c                      | 20 ++++++++
 security/keys/keyctl.c                   |  6 ++-
 10 files changed, 259 insertions(+), 4 deletions(-)

-- 
1.8.1.4