On Sat, Apr 30, 2022 at 11:21:54PM -0700, Kees Cook wrote:
> On Tue, Apr 26, 2022 at 02:31:09PM -0700, Matthias Kaehlcke wrote:
> > I'm still doubting what would be the best way to configure
> > the list of trusted digests. The approach in v2 of writing
> > a path through sysctl is flexible, but it
On Tue, Apr 26, 2022 at 02:31:09PM -0700, Matthias Kaehlcke wrote:
> I'm still doubting what would be the best way to configure
> the list of trusted digests. The approach in v2 of writing
> a path through sysctl is flexible, but it also feels a bit
> odd. I did some experiments with passing a file
Hi Matthias,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on device-mapper-dm/for-next]
[also build test ERROR on song-md/md-next kees/for-next/pstore v5.18-rc4
next-20220427]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting
Extend LoadPin to allow loading of kernel files from trusted
dm-verity [1] devices.
This change adds the concept of trusted verity devices to
LoadPin. Userspace can use the new sysctl file
'loadpin/trusted_verity_root_digests_path' to provide
LoadPin with the path of a file with a list of root dige