On Mon, 21 Dec 2015, Mimi Zohar wrote:
> Hi James,
> Lots of changes this time. This pull request adds support, by Dmitry
> Kasatkin, for: making the EVM keyring a trusted keyring, such that only
> keys signed by a key on the system keyring can be loaded onto the EVM
> keyring, loading the EVM keys onto the EVM trusted keyring by the
> kernel, enabling EVM when either the x509 or symmetric keys are
> available and loading the EVM symmetric key from hardware.
> As described by Mark Baushke and Petko Manolov at LSS 2015 in their talk
> "IMA/EVM: Real Applications for Embedded Networking Systems", this pull
> request includes support for two new IMA trusted keyrings named .ima_mok
> and .ima_blacklist. Keys being loaded on either the EVM or IMA trusted
> keyrings can be validated against either the system trusted keyring or
> the intermediary .ima_mok keyring and prevented from being loaded if on
> the .ima_blacklist keyring.
> Lastly, support for extending and displaying the IMA policy.