Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring

2021-01-20 Thread Mickaël Salaün
On 20/01/2021 06:23, Jarkko Sakkinen wrote:
> On Thu, Jan 14, 2021 at 04:19:08PM +0100, Mickaël Salaün wrote:
>> From: Mickaël Salaün
>>
>> Add a kernel option SYSTEM_BLACKLIST_AUTH_UPDATE to enable the root user
>> to dynamically add new keys to the blacklist keyring. This enables to
>> invali

Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring

2021-01-19 Thread Jarkko Sakkinen
On Thu, Jan 14, 2021 at 04:19:08PM +0100, Mickaël Salaün wrote:
> From: Mickaël Salaün
>
> Add a kernel option SYSTEM_BLACKLIST_AUTH_UPDATE to enable the root user
> to dynamically add new keys to the blacklist keyring. This enables to
> invalidate new certificates, either from being loaded in a

Re: [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring

2021-01-15 Thread Mimi Zohar
Hi Mickaël,
On Thu, 2021-01-14 at 16:19 +0100, Mickaël Salaün wrote:
> From: Mickaël Salaün
>
> Add a kernel option SYSTEM_BLACKLIST_AUTH_UPDATE to enable the root user
> to dynamically add new keys to the blacklist keyring. This enables to
> invalidate new certificates, either from being loade

[PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring

2021-01-14 Thread Mickaël Salaün
From: Mickaël Salaün
Add a kernel option SYSTEM_BLACKLIST_AUTH_UPDATE to enable the root user to dynamically add new keys to the blacklist keyring. This enables to invalidate new certificates, either from being loaded in a keyring, or from being trusted in a PKCS#7 certificate chain. This also