Subject: Re: [RFC PATCH] X.509: Don't check the signature on apparently self-signed keys [ver #2]
From: Mimi Zohar
To: David Howells
Cc: dwmw2@infradead.org, David Woodhouse, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, Petko Manolov
Date: Wed, 06 Jan 2016 09:03:25 -0500
Message-ID: <1452089005.2772.224.camel@linux.vnet.ibm.com>
In-Reply-To: <9026.1452086487@warthog.procyon.org.uk>
References: <1452082979.2772.205.camel@linux.vnet.ibm.com> <1452010098.2772.169.camel@linux.vnet.ibm.com> <20160105154703.31650.95150.stgit@warthog.procyon.org.uk> <2615.1452011971@warthog.procyon.org.uk> <9026.1452086487@warthog.procyon.org.uk>

On Wed, 2016-01-06 at 13:21 +0000, David Howells wrote:
> Mimi Zohar wrote:
>
> > The x509_validate_trust() was originally added for IMA to ensure, on a
> > secure boot system, a certificate chain of trust rooted in hardware.
> > The IMA MOK keyring extends this certificate chain of trust to the
> > running system.
>
> The problem is that because 'trusted' is a boolean, a key in the IMA MOK
> keyring will permit addition to the system keyring.

Once the builtin keys are loaded onto the system keyring, isn't the
system keyring locked? Or is this the only mechanism used for locking?

Mimi