Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752634AbdFMKS5 (ORCPT ); Tue, 13 Jun 2017 06:18:57 -0400 Received: from ozlabs.org ([103.22.144.67]:46415 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751895AbdFMKSz (ORCPT ); Tue, 13 Jun 2017 06:18:55 -0400 From: Michael Ellerman To: Thiago Jung Bauermann Cc: linux-security-module@vger.kernel.org, Jessica Yu , linuxppc-dev@lists.ozlabs.org, Rusty Russell , linux-kernel@vger.kernel.org, "David S. Miller" , David Howells , "AKASHI\, Takahiro" , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, James Morris , Dmitry Kasatkin , linux-ima-devel@lists.sourceforge.net, Herbert Xu , Mimi Zohar , David Woodhouse , "Serge E. Hallyn" Subject: Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal In-Reply-To: <87efusyi3s.fsf@linux.vnet.ibm.com> References: <1496886555-10082-1-git-send-email-bauerman@linux.vnet.ibm.com> <87d1adihhk.fsf@concordia.ellerman.id.au> <87efusyi3s.fsf@linux.vnet.ibm.com> User-Agent: Notmuch/0.21 (https://notmuchmail.org) Date: Tue, 13 Jun 2017 20:18:51 +1000 Message-ID: <87tw3kgph0.fsf@concordia.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 689 Lines: 19 Thiago Jung Bauermann writes: > Michael Ellerman writes: > >> Thiago Jung Bauermann writes: >> >>> On the OpenPOWER platform, secure boot and trusted boot are being >>> implemented using IMA for taking measurements and verifying signatures. >> >> I still want you to implement arch_kexec_kernel_verify_sig() as well :) > > Yes, I will implement it! We are still working on loading the public > keys for kernel signing from the firmware into a kernel keyring, so > there's not much point in implementing arch_kexec_kernel_verify_sig > without having that first. OK. What's the ETA on those patches? cheers