Re: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image

On Fri, Jan 18, 2019 at 10:00 AM Dave Young wrote: > > On 01/18/19 at 09:35am, Dave Young wrote: > > On 01/17/19 at 08:08pm, Mimi Zohar wrote: > > > On Wed, 2019-01-16 at 18:16 +0800, Kairui Song wrote: > > > > This patch series adds a .platform_trusted_keys in system_keyring as the > > > > refere

Re: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image

On 01/18/19 at 09:35am, Dave Young wrote: > On 01/17/19 at 08:08pm, Mimi Zohar wrote: > > On Wed, 2019-01-16 at 18:16 +0800, Kairui Song wrote: > > > This patch series adds a .platform_trusted_keys in system_keyring as the > > > reference to .platform keyring in integrity subsystem, when platform >

Re: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image

On Fri, 2019-01-18 at 09:35 +0800, Dave Young wrote: > On 01/17/19 at 08:08pm, Mimi Zohar wrote: > > It's taken so long for me to review/test this patch set due to a > > regression in sanity_check_segment_list(), introduced somewhere > > between 4.20 and 5.0.0-rc1.  The sgement overlap test - "if

Re: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image

On 01/17/19 at 08:08pm, Mimi Zohar wrote: > On Wed, 2019-01-16 at 18:16 +0800, Kairui Song wrote: > > This patch series adds a .platform_trusted_keys in system_keyring as the > > reference to .platform keyring in integrity subsystem, when platform > > keyring is being initialized it will be updated

Re: [PATCH v3 0/2] let kexec_file_load use platform keyring to verify the kernel image

On Wed, 2019-01-16 at 18:16 +0800, Kairui Song wrote: > This patch series adds a .platform_trusted_keys in system_keyring as the > reference to .platform keyring in integrity subsystem, when platform > keyring is being initialized it will be updated. So other component could > use this keyring as w