Michael Ellerman <m...@ellerman.id.au> writes:

> Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes:
>> On the OpenPOWER platform, secure boot and trusted boot are being
>> implemented using IMA for taking measurements and verifying signatures.
> I still want you to implement arch_kexec_kernel_verify_sig() as well :)

Yes, I will implement it! We are still working on loading the public
keys for kernel signing from the firmware into a kernel keyring, so
there's not much point in implementing arch_kexec_kernel_verify_sig
without having that first.

The same problem also affects IMA: even with these patches, new code
still neededs to be added to make IMA use the platform keys for kernel
signature verification.

Thiago Jung Bauermann
IBM Linux Technology Center

Reply via email to