Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3130755imu; Sun, 13 Jan 2019 19:29:43 -0800 (PST) X-Google-Smtp-Source: ALg8bN79/D/1v7aQwaN2mMkv7oqaPB0J0V12F9HcCLXRberTQ2Iab6ZxvPfWIOt3NvgeEXh2RAQU X-Received: by 2002:a63:77ce:: with SMTP id s197mr11277908pgc.89.1547436583835; Sun, 13 Jan 2019 19:29:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547436583; cv=none; d=google.com; s=arc-20160816; b=GFU15S6k6rnuRFrfSTqsTKg+WZ0VnaDU7VAHjBSQQgEitU5lSRLCuyc+StLUh78Vc2 p27I1DbCvX4m5BTBBnAvsXklOE+5CV2c0gQGKOUoB23bUiorrJ1h8JuRteDLAwb85K3+ ffop8VkYvQzA2ka3d2O6QdRa9fIzsRQZ/e63V7XOHdWoAYNmwYWsiNdVJs46t++WBJLZ y8RlBU7ZAxtlJqT65XmvTWBxuvnUzsO6YFgLhBTdgSh49IG1g3j/WBy9bH4beq8Xrm6w yXFnewmi2AIsJBQruDt2aVStpuKLFz0i/aDVXRuaJTl4FWXPPTfPXfs5GlGAZSogzE2E rT3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=sc2ojNAdryMQgpkRfU7IeXwdIIrfg2jNPH4ut/Zpy4c=; b=OvShErlq1Su1e9k7BNr3opuYzPH53+V6KZyFsT2q436kDLT8u9M9AWHTQQ+hw9FqSV afs2zoMfY4vxu2GPCVCbxZr+XZQ3rqwuphLMqig28F9W08iqaOD7kjNxq4QZC4DKosfa 5/2Ou1wct9s4CFh3WTcJTy1guDP9gqRNKSrBKRUuauqVuJWJ2mwpQuBTmOSCmx0a52O3 JtMjaLDW/XmH/3rGSy9KBDslyCuHz5BEBFNONTwrB6uUJ8ScP2faUkOsuNqRHy7Fg2Wn AOQpyBQBKRDly5yE6eru3r6WdEceNYUZ4on0nnJl2qtscaMF/ZhFF9HOygC6l22eHWDP zw7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 73si25048653pfm.50.2019.01.13.19.29.28; Sun, 13 Jan 2019 19:29:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726732AbfAND2X (ORCPT + 99 others); Sun, 13 Jan 2019 22:28:23 -0500 Received: from mail-io1-f66.google.com ([209.85.166.66]:37488 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726699AbfAND2W (ORCPT ); Sun, 13 Jan 2019 22:28:22 -0500 Received: by mail-io1-f66.google.com with SMTP id g8so16607890iok.4 for ; Sun, 13 Jan 2019 19:28:22 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sc2ojNAdryMQgpkRfU7IeXwdIIrfg2jNPH4ut/Zpy4c=; b=rb/VPT1UdfxzDM6SxbUg6yeNF65EUvgfHb4tUfDmQzUomtHb5H1tywCDbQcRy95shz e8hYj8TBajhdb+01jGE48oJVNfIaHdk5CzT5SYw6y4H0Ckzy8ldF7RUj2FcDz+AS+5c8 CELKV5EG4YvCEOS1Ae1PTPnPlRlzPHkVXJZVhU7Ol9kaUF1TpUAnumnNUi7l97Fcdujh zJDtU8pZyV4QiNQyF4Jl79Jdiub+ge8SfKGJBiqd9jucRptQeTUObZ2uZxp5+VYZxv2m 5crope8B9ymV+algEbPFi6cDa5Aa/D97DYvw6cGUYnnXyO2NrC9bz/XT7MxsjdQo7uW9 UFuA== X-Gm-Message-State: AJcUukekU+ny2gP1BTrxtFNTzpXonpI1RfoLmwOMvp1vdpO53cP87FG1 7fSJ/rmdX/MnKLt5TWpRN9ye7AmINPGdZz88K3KHdg== X-Received: by 2002:a5d:8889:: with SMTP id d9mr16280589ioo.68.1547436501917; Sun, 13 Jan 2019 19:28:21 -0800 (PST) MIME-Version: 1.0 References: <20190109164824.19708-1-kasong@redhat.com> <20190109164824.19708-3-kasong@redhat.com> <20190111134303.GA12760@dhcp-128-65.nay.redhat.com> <1547223220.19931.471.camel@linux.ibm.com> <20190113013958.GA14019@dhcp-128-65.nay.redhat.com> In-Reply-To: <20190113013958.GA14019@dhcp-128-65.nay.redhat.com> From: Kairui Song Date: Mon, 14 Jan 2019 11:28:10 +0800 Message-ID: Subject: Re: [RFC PATCH 2/2] kexec, KEYS: Make use of platform keyring for signature verify To: Mimi Zohar Cc: Dave Young , linux-kernel@vger.kernel.org, David Howells , David Woodhouse , jwboyer@fedoraproject.org, keyrings@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, bauerman@linux.ibm.com, Eric Biggers , nayna@linux.ibm.com, linux-integrity , kexec@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Mimi, Dave I checked the previous patches: https://www.spinics.net/lists/keyrings/msg03518.html https://www.spinics.net/lists/keyrings/msg03517.html https://www.spinics.net/lists/keyrings/msg03516.html That the latest patched I could found that placed the platform keyring in certs/ However it didn't cc kexec list, and so I think Dave didn't receive them. I could compose a patch to use the previous design, how do you think? On Sun, Jan 13, 2019 at 9:40 AM Dave Young wrote: > > Hi, > > On 01/11/19 at 11:13am, Mimi Zohar wrote: > > On Fri, 2019-01-11 at 21:43 +0800, Dave Young wrote: > > [snip] > > > > > Personally I would like to see platform key separated from integrity. > > > But for the kexec_file part I think it is good at least it works with > > > this fix. > > > > > > Acked-by: Dave Young > > > > The original "platform" keyring patches that Nayna posted multiple > > times were in the certs directory, but nobody commented/responded. So > > she reworked the patches, moving them to the integrity directory and > > posted them (cc'ing the kexec mailing list). It's a bit late to be > > asking to move it, isn't it? > > Hmm, apologize for being late, I did not get chance to have a look the > old series. Since we have the needs now, it should be still fine > > Maybe Kairui can check Nayna's old series, see if he can do something > again? > > > > > Mimi > > > > Thanks > Dave -- Best Regards, Kairui Song