Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp977164imu; Tue, 11 Dec 2018 10:31:04 -0800 (PST) X-Google-Smtp-Source: AFSGD/VLwZjKRc27ICA610y9UYnwfKd9RSiks/I9gPmiH7GSXWeGbfgQvlvSMen+e9+op/W6eAXU X-Received: by 2002:a63:561b:: with SMTP id k27mr15538142pgb.271.1544553064296; Tue, 11 Dec 2018 10:31:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544553064; cv=none; d=google.com; s=arc-20160816; b=VQmBOtRNjdrhHEypV5+T5kSGtQ9Sf9HREGuBzjUGCv4u8O1JGuw8RdUjHJzkekhxqX rC07+eD238bRmWCrLGEzMwlf8v2g0DnZhow9zDHvUapbL/wgvMTQnmJYXu4Sb7AQ0Zvu a1JpSrVG+rUp5dku1yteBbGmYU6hXX0lIvmQ/qoJEFKWfhngb1ix69+5v+zM/X/p6/Ls VbRLy3j3GARzLZzbMTNZr18MDyOPlov3fBGaedr4xlfSnSaBchkzCK6oG0FgOIDd3K7s sSFfNw/+RzGyTnzaV+3wCvmpFZ0tNAI5K/A+0wmKYOKAhQlflFjSH8H+awcUDe5MDyfL 9nFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=jnWGD8orTGNYgI7pLTDAtTtfg6GzOIbnoNLqjTAkGYo=; b=ZRBLaNebweLYfZVdwrlEttUNGKGZvOLxhsHi/ft+Z9bJ+9Tjm1ai59T6Y8+PEzYdEE LEjh+j5t9jS6UUjACMT9q3CVsoUu1/wnh5dVnFP+8VRGShHVHFiQE67gIUOQQYlRex+4 mtZKDGEELzcRlzI+dCr09x4e8Z8SmccY4cUaZxrq/M6lfBJQuqGrl3cU3rcvRa/rfcyo ae/nNVI/nc7kuip1l+JjJEQRzghtFaAJYgClGs46F0swpchkKgdj3W2kVB3iQlSg161v VNok2FhBZL9rRNIDGNvt9tkQfH74qqPRZ2S8Nk1hFKlLJlnLelHW7KX9mrZytlF1ca+b ApIA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8si12976082pls.83.2018.12.11.10.30.23; Tue, 11 Dec 2018 10:31:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727114AbeLKS2L (ORCPT + 99 others); Tue, 11 Dec 2018 13:28:11 -0500 Received: from namei.org ([65.99.196.166]:58920 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726664AbeLKS2L (ORCPT ); Tue, 11 Dec 2018 13:28:11 -0500 Received: from localhost (localhost [127.0.0.1]) by namei.org (8.14.4/8.14.4) with ESMTP id wBBIRiau011806; Tue, 11 Dec 2018 18:27:44 GMT Date: Wed, 12 Dec 2018 05:27:44 +1100 (AEDT) From: James Morris To: Nayna Jain cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, dhowells@redhat.com, jforbes@redhat.com, seth.forshee@canonical.com, kexec@lists.infradead.org, keyrings@vger.kernel.org, vgoyal@redhat.com, ebiederm@xmission.com, mpe@ellerman.id.au Subject: Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring In-Reply-To: <20181208202705.18673-2-nayna@linux.ibm.com> Message-ID: References: <20181208202705.18673-1-nayna@linux.ibm.com> <20181208202705.18673-2-nayna@linux.ibm.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 9 Dec 2018, Nayna Jain wrote: > On secure boot enabled systems, a verified kernel may need to kexec > additional kernels. For example, it may be used as a bootloader needing > to kexec a target kernel or it may need to kexec a crashdump kernel. In > such cases, it may want to verify the signature of the next kernel > image. > > It is further possible that the kernel image is signed with third party > keys which are stored as platform or firmware keys in the 'db' variable. > The kernel, however, can not directly verify these platform keys, and an > administrator may therefore not want to trust them for arbitrary usage. > In order to differentiate platform keys from other keys and provide the > necessary separation of trust, the kernel needs an additional keyring to > store platform keys. > > This patch creates the new keyring called ".platform" to isolate keys > provided by platform from keys by kernel. These keys are used to > facilitate signature verification during kexec. Since the scope of this > keyring is only the platform/firmware keys, it cannot be updated from > userspace. > > This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING. > > Signed-off-by: Nayna Jain > Reviewed-by: Mimi Zohar > Acked-by: Serge Hallyn Reviewed-by: James Morris -- James Morris