Re: [PATCH v5 2/3] Create IMA machine owner and blacklist keyrings;

2015-11-17 Thread Dmitry Kasatkin
On Mon, Nov 16, 2015 at 3:10 PM, Mimi Zohar wrote:
> On Mon, 2015-11-02 at 00:32 +0200, Petko Manolov wrote:
>> This option creates IMA MOK and blacklist keyrings. IMA MOK is an
>> intermediate keyring that sits between .system and .ima keyrings,
>> effectively forming

Re: [PATCH v5 2/3] Create IMA machine owner and blacklist keyrings;

2015-11-16 Thread Mimi Zohar
On Mon, 2015-11-02 at 00:32 +0200, Petko Manolov wrote:
> This option creates IMA MOK and blacklist keyrings. IMA MOK is an
> intermediate keyring that sits between .system and .ima keyrings,
> effectively forming a simple CA hierarchy. To successfully import a key
> into .ima_mok it must be

[PATCH v5 2/3] Create IMA machine owner and blacklist keyrings;

2015-11-01 Thread Petko Manolov
This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively forming a simple CA hierarchy. To successfully import a key into .ima_mok it must be signed by a key whose CA is in .system keyring. In turn any key