Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-12-02 Thread Mimi Zohar
Since this discussion affects which keys can be added to trusted keyrings, cc'ing linux-ima-devel. On Fri, 2016-12-02 at 10:57 -0800, James Bottomley wrote: > On Thu, 2016-11-24 at 11:17 -0800, James Bottomley wrote: > > On Mon, 2016-11-21 at 16:16 +, Ard Biesheuvel wrote: > > > On 16

Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-12-02 Thread James Bottomley
On Thu, 2016-11-24 at 11:17 -0800, James Bottomley wrote: > On Mon, 2016-11-21 at 16:16 +, Ard Biesheuvel wrote: > > On 16 November 2016 at 18:11, David Howells > > wrote: > > > From: Josh Boyer > > > > > > Secure Boot stores a list of allowed certificates in the 'db' > > > variable. This

Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-11-24 Thread James Bottomley
On Mon, 2016-11-21 at 11:25 -0500, Josh Boyer wrote: > On Mon, Nov 21, 2016 at 11:16 AM, Ard Biesheuvel > wrote: > > On 16 November 2016 at 18:11, David Howells > > wrote: > > > From: Josh Boyer > > > > > > Secure Boot stores a list of allowed certificates in the 'db' > > > variable. This

Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-11-24 Thread James Bottomley
On Mon, 2016-11-21 at 16:16 +, Ard Biesheuvel wrote: > On 16 November 2016 at 18:11, David Howells > wrote: > > From: Josh Boyer > > > > Secure Boot stores a list of allowed certificates in the 'db' > > variable. This imports those certificates into the system trusted > > keyring. This

Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-11-21 Thread Josh Boyer
On Mon, Nov 21, 2016 at 11:16 AM, Ard Biesheuvel wrote: > On 16 November 2016 at 18:11, David Howells wrote: >> From: Josh Boyer >> >> Secure Boot stores a list of allowed certificates in the 'db' variable. >> This imports those certificates into the system trusted keyring. This >> allows for

Re: [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-11-21 Thread Ard Biesheuvel
On 16 November 2016 at 18:11, David Howells wrote: > From: Josh Boyer > > Secure Boot stores a list of allowed certificates in the 'db' variable. > This imports those certificates into the system trusted keyring. This > allows for a third party signing certificate to be used in conjunction >

[PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot

2016-11-16 Thread David Howells
From: Josh Boyer Secure Boot stores a list of allowed certificates in the 'db' variable. This imports those certificates into the system trusted keyring. This allows for a third party signing certificate to be used in conjunction with signed modules. By importing the public certificate into