Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On Fri, Oct 23 2020 at 6:20am -0400, Mickaël Salaün wrote: > It seems that there is no more question. Mike, Alasdair, could you > please consider to merge this into the tree? > > On 16/10/2020 14:19, Mickaël Salaün wrote: > > > > On 16/10/2020 13:08, Milan Broz wrote: > >> On 16/10/2020 10:49,

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

It seems that there is no more question. Mike, Alasdair, could you please consider to merge this into the tree? On 16/10/2020 14:19, Mickaël Salaün wrote: > > On 16/10/2020 13:08, Milan Broz wrote: >> On 16/10/2020 10:49, Mickaël Salaün wrote: >>> On 16/10/2020 10:29, Mickaël Salaün wrote: >

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On 16/10/2020 13:08, Milan Broz wrote: > On 16/10/2020 10:49, Mickaël Salaün wrote: >> On 16/10/2020 10:29, Mickaël Salaün wrote: >>> >>> On 15/10/2020 18:52, Mike Snitzer wrote: Can you please explain why you've decided to make this a Kconfig CONFIG knob?  Why not either add: a dm-veri

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On 16/10/2020 10:49, Mickaël Salaün wrote: On 16/10/2020 10:29, Mickaël Salaün wrote: On 15/10/2020 18:52, Mike Snitzer wrote: Can you please explain why you've decided to make this a Kconfig CONFIG knob? Why not either add: a dm-verity table argument? A dm-verity kernel module parameter? or

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On 16/10/2020 10:29, Mickaël Salaün wrote: > > On 15/10/2020 18:52, Mike Snitzer wrote: >> On Thu, Oct 15 2020 at 11:05am -0400, >> Mickaël Salaün wrote: >> >>> From: Mickaël Salaün >>> >>> Add a new configuration DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING >>> to enable dm-verity signatu

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On 15/10/2020 18:52, Mike Snitzer wrote: > On Thu, Oct 15 2020 at 11:05am -0400, > Mickaël Salaün wrote: > >> From: Mickaël Salaün >> >> Add a new configuration DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING >> to enable dm-verity signatures to be verified against the secondary >> trusted key

Re: [PATCH v2] dm verity: Add support for signature verification with 2nd keyring

On Thu, Oct 15 2020 at 11:05am -0400, Mickaël Salaün wrote: > From: Mickaël Salaün > > Add a new configuration DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING > to enable dm-verity signatures to be verified against the secondary > trusted keyring. Instead of relying on the builtin trusted keyr

[PATCH v2] dm verity: Add support for signature verification with 2nd keyring

From: Mickaël Salaün Add a new configuration DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING to enable dm-verity signatures to be verified against the secondary trusted keyring. Instead of relying on the builtin trusted keyring (with hard-coded certificates), the second trusted keyring can inclu