Received: by 10.192.165.148 with SMTP id m20csp2091349imm; Thu, 3 May 2018 10:13:34 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpx920ZjsC4NkB06kxkPMGm1jPjw2CpziyXyHoUseRwUfDjp5e3iLWXzI4MdPenNF7g9TPm X-Received: by 2002:a65:62c2:: with SMTP id m2-v6mr20201146pgv.164.1525367614005; Thu, 03 May 2018 10:13:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525367613; cv=none; d=google.com; s=arc-20160816; b=AcmS3KRwINQzYx/5jPajQ91f1SO0481lGX7kPT12QLI7XCztLTivCpkwefJReWbNPI DbvqCONZlnpap9TclBEC/u9FRbDIDS2rXvGyulfHabxB8T1c+YXITQ9gUEEfSpu2zre0 yUT/RR6mzhAZLqYc6bsumCV/YO4UBHuLjqgUU4Z1aEjg/XnCkU4soqseai/DR/DMYRru Fm8OSQaZhT8rPwnesLZjSqYoKmBIC3c+YP2dbsEwtIynLbkvuM9aZf9UegdKOgejfBzl 8Y70ypbTE0NZu2EnncSsfhhhbkIv97clBB+ffBAwxsLAVgoC5e2bF2f6lUunNLm6GtMz y7hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=W+UmCJDB/atraTUKs/NW20lcGMhjz0EVTin7gdvAgAU=; b=WC8S0b/fm4QmphaMnHj4SlIgUgEMupQK3ZdEWFXFMnWyvcS+0zWjLKbpBF3S+HLEgP QurQvz209JW7SQO+ihBzDnojsDZMQXl9rrqFuXRAIqhreBP98RvRTjnppy3e2TAldEUF GkaKn/PPJ1pi8UOtRJpQlPGQsW8GFDCuAJX8V4THvIDCLfxcQUE80a6ykKBiAxbjZwgh g3z9Brx6ziVzgDINwTsyzUmjP/xtdaXJ6pYX0Nwfr+SAhVMrsq6Vm4utONzfgvIDMBTP Oot9ebS3w0CAIPRYTUMj0aQ2y1q37IkcNOjNOefiwkPFlNPq59eAGk9fCXPtiI24aFBV fRoQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 189-v6si11815562pgi.254.2018.05.03.10.13.19; Thu, 03 May 2018 10:13:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751307AbeECRL4 (ORCPT + 99 others); Thu, 3 May 2018 13:11:56 -0400 Received: from namei.org ([65.99.196.166]:59270 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750954AbeECRLy (ORCPT ); Thu, 3 May 2018 13:11:54 -0400 Received: from localhost (localhost [127.0.0.1]) by namei.org (8.14.4/8.14.4) with ESMTP id w43HBVfn021459; Thu, 3 May 2018 17:11:31 GMT Date: Fri, 4 May 2018 03:11:31 +1000 (AEST) From: James Morris To: Mehmet Kayaalp cc: David Howells , David Woodhouse , Keyrings , Linux Integrity , Linux Security , Linux Kernel , Mimi Zohar , Stefan Berger , George Wilson , Mike Rapoport Subject: Re: [PATCH v6 0/4] Certificate insertion support for x86 bzImages In-Reply-To: <20180502230811.2751-1-mkayaalp@linux.vnet.ibm.com> Message-ID: References: <20180502230811.2751-1-mkayaalp@linux.vnet.ibm.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2 May 2018, Mehmet Kayaalp wrote: > These patches add support for modifying the reserved space for extra > certificates in a compressed bzImage in x86. This allows separating the > system keyring certificate from the kernel build process. After the kernel > image is distributed, the insert-sys-cert script can be used to insert the > certificate for x86. Can you provide more explanation of how this is useful and who would use it? -- James Morris