Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp977164imu;
        Tue, 11 Dec 2018 10:31:04 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VLwZjKRc27ICA610y9UYnwfKd9RSiks/I9gPmiH7GSXWeGbfgQvlvSMen+e9+op/W6eAXU
X-Received: by 2002:a63:561b:: with SMTP id k27mr15538142pgb.271.1544553064296;
        Tue, 11 Dec 2018 10:31:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544553064; cv=none;
        d=google.com; s=arc-20160816;
        b=VQmBOtRNjdrhHEypV5+T5kSGtQ9Sf9HREGuBzjUGCv4u8O1JGuw8RdUjHJzkekhxqX
         rC07+eD238bRmWCrLGEzMwlf8v2g0DnZhow9zDHvUapbL/wgvMTQnmJYXu4Sb7AQ0Zvu
         a1JpSrVG+rUp5dku1yteBbGmYU6hXX0lIvmQ/qoJEFKWfhngb1ix69+5v+zM/X/p6/Ls
         VbRLy3j3GARzLZzbMTNZr18MDyOPlov3fBGaedr4xlfSnSaBchkzCK6oG0FgOIDd3K7s
         sSFfNw/+RzGyTnzaV+3wCvmpFZ0tNAI5K/A+0wmKYOKAhQlflFjSH8H+awcUDe5MDyfL
         9nFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=jnWGD8orTGNYgI7pLTDAtTtfg6GzOIbnoNLqjTAkGYo=;
        b=ZRBLaNebweLYfZVdwrlEttUNGKGZvOLxhsHi/ft+Z9bJ+9Tjm1ai59T6Y8+PEzYdEE
         LEjh+j5t9jS6UUjACMT9q3CVsoUu1/wnh5dVnFP+8VRGShHVHFiQE67gIUOQQYlRex+4
         mtZKDGEELzcRlzI+dCr09x4e8Z8SmccY4cUaZxrq/M6lfBJQuqGrl3cU3rcvRa/rfcyo
         ae/nNVI/nc7kuip1l+JjJEQRzghtFaAJYgClGs46F0swpchkKgdj3W2kVB3iQlSg161v
         VNok2FhBZL9rRNIDGNvt9tkQfH74qqPRZ2S8Nk1hFKlLJlnLelHW7KX9mrZytlF1ca+b
         ApIA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p8si12976082pls.83.2018.12.11.10.30.23;
        Tue, 11 Dec 2018 10:31:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727114AbeLKS2L (ORCPT <rfc822;ivid.suvarna@gmail.com>
        + 99 others); Tue, 11 Dec 2018 13:28:11 -0500
Received: from namei.org ([65.99.196.166]:58920 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726664AbeLKS2L (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 11 Dec 2018 13:28:11 -0500
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id wBBIRiau011806;
        Tue, 11 Dec 2018 18:27:44 GMT
Date:   Wed, 12 Dec 2018 05:27:44 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     Nayna Jain <nayna@linux.ibm.com>
cc:     linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org, zohar@linux.ibm.com,
        dhowells@redhat.com, jforbes@redhat.com,
        seth.forshee@canonical.com, kexec@lists.infradead.org,
        keyrings@vger.kernel.org, vgoyal@redhat.com, ebiederm@xmission.com,
        mpe@ellerman.id.au
Subject: Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring
In-Reply-To: <20181208202705.18673-2-nayna@linux.ibm.com>
Message-ID: <alpine.LRH.2.21.1812120527150.11653@namei.org>
References: <20181208202705.18673-1-nayna@linux.ibm.com> <20181208202705.18673-2-nayna@linux.ibm.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 9 Dec 2018, Nayna Jain wrote:

> On secure boot enabled systems, a verified kernel may need to kexec
> additional kernels. For example, it may be used as a bootloader needing
> to kexec a target kernel or it may need to kexec a crashdump kernel. In
> such cases, it may want to verify the signature of the next kernel
> image.
> 
> It is further possible that the kernel image is signed with third party
> keys which are stored as platform or firmware keys in the 'db' variable.
> The kernel, however, can not directly verify these platform keys, and an
> administrator may therefore not want to trust them for arbitrary usage.
> In order to differentiate platform keys from other keys and provide the
> necessary separation of trust, the kernel needs an additional keyring to
> store platform keys.
> 
> This patch creates the new keyring called ".platform" to isolate keys
> provided by platform from keys by kernel. These keys are used to
> facilitate signature verification during kexec. Since the scope of this
> keyring is only the platform/firmware keys, it cannot be updated from
> userspace.
> 
> This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.
> 
> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> Acked-by: Serge Hallyn <serge@hallyn.com>


Reviewed-by: James Morris <james.morris@microsoft.com>


-- 
James Morris
<jmorris@namei.org>