Re: [PATCH 3/3] KEYS: Add a 'trusted' flag and a 'trusted only' flag

2013-02-06 Thread Kasatkin, Dmitry
On Wed, Jan 30, 2013 at 12:32 PM, David Howells wrote:
> Kasatkin, Dmitry wrote:
>
>> What about the case when running from integrity protected initramfs?
>> Either embedded into the signed kernel, or verified by the boot loader.
>> In such case it is possible to assume that all keys which are ad

Re: [PATCH 3/3] KEYS: Add a 'trusted' flag and a 'trusted only' flag

2013-01-30 Thread David Howells
Kasatkin, Dmitry wrote:
> What about the case when running from integrity protected initramfs?
> Either embedded into the signed kernel, or verified by the boot loader.
> In such case it is possible to assume that all keys which are added by
> user space are implicitly trusted.
> Later on, before

Re: [PATCH 3/3] KEYS: Add a 'trusted' flag and a 'trusted only' flag

2013-01-30 Thread Kasatkin, Dmitry
On Thu, Jan 17, 2013 at 8:04 PM, David Howells wrote:
> Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
> or had a cryptographic signature chain that led back to a trusted key the
> kernel already possessed.
>
> Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring w

[PATCH 3/3] KEYS: Add a 'trusted' flag and a 'trusted only' flag

2013-01-17 Thread David Howells
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed.

Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Si