Re: [PATCH 5/5] ima: enable loading of build time generated key to .ima keyring

On Thu, Feb 11, 2021 at 02:54:35PM -0500, Nayna Jain wrote: > The kernel currently only loads the kernel module signing key onto > the builtin trusted keyring. To support IMA, load the module signing > key selectively either onto builtin or ima keyring based on MODULE_SIG

Re: [PATCH 5/5] ima: enable loading of build time generated key to .ima keyring

On 2/11/21 2:54 PM, Nayna Jain wrote: The kernel currently only loads the kernel module signing key onto the builtin trusted keyring. To support IMA, load the module signing key selectively either onto builtin or ima keyring based on MODULE_SIG or MODULE_APPRAISE_MODSIG config respectively; and

[PATCH 5/5] ima: enable loading of build time generated key to .ima keyring

The kernel currently only loads the kernel module signing key onto the builtin trusted keyring. To support IMA, load the module signing key selectively either onto builtin or ima keyring based on MODULE_SIG or MODULE_APPRAISE_MODSIG config respectively; and loads the CA kernel key onto builtin