Date: Thu, 21 May 2015 19:43:14 +0300
From: Petko Manolov
To: David Howells
Cc: "Luis R. Rodriguez", Andy Lutomirski, linux-security-module@vger.kernel.org,
    james.l.morris@oracle.com, serge@hallyn.com, linux-kernel@vger.kernel.org,
    linux-wireless@vger.kernel.org, Kyle McMartin, David Woodhouse, Seth Forshee,
    Greg Kroah-Hartman, Joey Lee, Rusty Russell, zohar@linux.vnet.ibm.com,
    mricon@kernel.org, Michal Marek, Abelardo Ricart III, Sedat Dilek,
    keyrings@linux-nfs.org, Borislav Petkov, Jiri Kosina, Linus Torvalds
Subject: Re: [RFD] linux-firmware key arrangement for firmware signing
Message-ID: <20150521164313.GH18164@localhost>
In-Reply-To: <9567.1432223509@warthog.procyon.org.uk>

On 15-05-21 16:51:49, David Howells wrote:
>
> I do have patches to parse PGP key data and add the public keys found therein
> onto the kernel keyring, but that would mean adding an extra key data parser.

PGP is widely used so I would gladly have one more parser in the kernel.

> You could probably do this with the integrity functions - but turning them on
> has a performance cost and you have to load things in the right order as I
> understand it.

The performance hit is negligible, especially on modern hardware. The problem
is that Joe user must wrap his head around IMA as a concept and go through the
pains of doing everything right. Failing to do so will result in a lot of
frustration, and I speak from experience.

Once you make it run properly it mostly stays out of your way. To put it
another way: IMA is not for sissies... :)

		Petko