Re: [PATCH v3 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform

On Wed Aug 16, 2023 at 3:58 PM EEST, Mimi Zohar wrote: > On Mon, 2023-08-14 at 20:38 +0300, Jarkko Sakkinen wrote: > > On Sun Aug 13, 2023 at 5:15 AM EEST, Nayna Jain wrote: > > > On non-UEFI platforms, handle restrict_link_by_ca failures differently. > > > > > > Certificates which do not satisfy C

Re: [PATCH v3 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform

On Mon, 2023-08-14 at 20:38 +0300, Jarkko Sakkinen wrote: > On Sun Aug 13, 2023 at 5:15 AM EEST, Nayna Jain wrote: > > On non-UEFI platforms, handle restrict_link_by_ca failures differently. > > > > Certificates which do not satisfy CA restrictions on non-UEFI platforms > > are ignored. > > > > Sig

Re: [PATCH v3 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform

On Sun Aug 13, 2023 at 5:15 AM EEST, Nayna Jain wrote: > On non-UEFI platforms, handle restrict_link_by_ca failures differently. > > Certificates which do not satisfy CA restrictions on non-UEFI platforms > are ignored. > > Signed-off-by: Nayna Jain > Reviewed-and-tested-by: Mimi Zohar > --- > s

[PATCH v3 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform

On non-UEFI platforms, handle restrict_link_by_ca failures differently. Certificates which do not satisfy CA restrictions on non-UEFI platforms are ignored. Signed-off-by: Nayna Jain Reviewed-and-tested-by: Mimi Zohar --- security/integrity/platform_certs/machine_keyring.c | 2 +- 1 file chang