Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932167AbcCHCF4 (ORCPT ); Mon, 7 Mar 2016 21:05:56 -0500 Received: from e28smtp03.in.ibm.com ([125.16.236.3]:52591 "EHLO e28smtp03.in.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753488AbcCHCFs (ORCPT ); Mon, 7 Mar 2016 21:05:48 -0500 X-IBM-Helo: d28relay05.in.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;keyrings@vger.kernel.org;linux-security-module@vger.kernel.org Message-ID: <1457402735.5321.14.camel@linux.vnet.ibm.com> Subject: Re: [RFC PATCH 11/12] certs: Add a secondary system keyring that can be added to dynamically [ver #2] From: Mimi Zohar To: David Howells Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 07 Mar 2016 21:05:35 -0500 In-Reply-To: <20160304150142.17121.56666.stgit@warthog.procyon.org.uk> References: <20160304150022.17121.34501.stgit@warthog.procyon.org.uk> <20160304150142.17121.56666.stgit@warthog.procyon.org.uk> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable x-cbid: 16030802-0009-0000-0000-00000B017FBD Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1119 Lines: 25 On Fri, 2016-03-04 at 15:01 +0000, David Howells wrote: > Add a secondary system keyring that can be added to by root whilst the > system is running - provided the key being added is vouched for by a key > built into the kernel or already added to the secondary keyring. > > Rename .system_keyring to .builtin_trusted_keys to distinguish it more > obviously from the new keyring (called .secondary_trusted_keys). Renaming of the system_trusted_keyring to builtin_trusted_keys is fine, but we're left with a lot of references to "system_trusted" (eg. restrict_link_to_system_trusted, depends on SYSTEM_TRUSTED_KEYRING, the subsequent patch description and Kconfig use "system trusted keyrings", etc). Without changing these references, I'm not convinced this is an improvement. Mimi > The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING. > > If the secondary keyring is enabled, a link is created from that to > .builtin_trusted_keys so that the the latter will automatically be searched > too if the secondary keyring is searched. > > Signed-off-by: David Howells