From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
To: zohar@linux.vnet.ibm.com, dhowells@redhat.com,
jwboyer@redhat.com, keyrings@linux-nfs.org,
linux-security-module@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Dmitry Kasatkin <d.kasatkin@samsung.com>
Subject: [PATCH v1a 0/2] KEYS: validate key trust with owner and builtin keys only
Date: Thu, 12 Jun 2014 23:17:09 +0300 [thread overview]
Message-ID: <cover.1402604096.git.d.kasatkin@samsung.com> (raw)
This is a repost of the patchset cleanly on the top of linux-integrity
next-trusted-keys branch.
Instead of allowing public keys, with certificates signed by any key on
the system trusted keyring, to be added to a trusted keyring, this patch
set further restricts the certificates to those signed by a particular key
or builtin keys on the system keyring.
This patch defines a new kernel parameter 'keys_ownerid={id:xxx | builtin}'
to use specific key or any builtin key.
Thanks,
Dmitry
Dmitry Kasatkin (2):
KEYS: validate certificate trust only with selected owner key
KEYS: validate certificate trust only with builtin keys
Documentation/kernel-parameters.txt | 5 +++++
crypto/asymmetric_keys/x509_public_key.c | 32 ++++++++++++++++++++++++++++++--
include/linux/key.h | 1 +
kernel/system_keyring.c | 1 +
4 files changed, 37 insertions(+), 2 deletions(-)
--
1.9.1
next reply other threads:[~2014-06-12 20:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-12 20:17 Dmitry Kasatkin [this message]
2014-06-12 20:17 ` [PATCH v1a 1/2] KEYS: validate certificate trust only with selected owner key Dmitry Kasatkin
2014-06-16 11:43 ` Mimi Zohar
2014-06-17 8:58 ` Dmitry Kasatkin
2014-06-12 20:17 ` [PATCH v1a 2/2] KEYS: validate certificate trust only with builtin keys Dmitry Kasatkin
2014-06-16 11:43 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1402604096.git.d.kasatkin@samsung.com \
--to=dmitry.kasatkin@gmail.com \
--cc=d.kasatkin@samsung.com \
--cc=dhowells@redhat.com \
--cc=jwboyer@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.