Date: Thu, 8 Jul 2021 00:26:11 +0300
From: Jarkko Sakkinen
To: Linus Torvalds
Cc: Eric Snowberg, keyrings@vger.kernel.org, linux-integrity, Mimi Zohar, David Howells, David Woodhouse, Herbert Xu, David Miller, James Morris, "Serge E. Hallyn", Kees Cook, Greg Kroah-Hartman, scott.branden@broadcom.com, Wei Yongjun, Nayna Jain, Eric Biggers, Ard Biesheuvel, nramas@linux.microsoft.com, Lenny Szubowicz, Linux Kernel Mailing List, Linux Crypto Mailing List, LSM List, James Bottomley, Peter Jones, Gary Lin, Konrad Rzeszutek Wilk
Subject: Re: [PATCH RFC 05/12] integrity: Introduce mok keyring
Message-ID: <20210707212611.pdkmkxhqomkf4ngg@kernel.org>
References: <20210707024403.1083977-1-eric.snowberg@oracle.com> <20210707024403.1083977-6-eric.snowberg@oracle.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Jul 07, 2021 at 12:31:23PM -0700, Linus Torvalds wrote:
> On Tue, Jul 6, 2021 at 7:45 PM Eric Snowberg wrote:
> >
> > Introduce a new keyring called mok. This keyring will be used during
> > boot. Afterwards it will be destroyed.
>
> Already discussed elsewhere, but yeah, when using TLA's, unless they
> are universally understood (like "CPU" or "TLB" or whatever), please
> spell them out somewhere for people who don't have the background.
>
> I saw that you said elsewhere that MOK is "Machine Owner Key", but
> please let's just have that in the sources and commit messages at
> least for the original new code cases.
>
> Maybe it becomes obvious over time as there is more history to the
> code, but when you literally introduce a new concept, please spell it
> out.
>
> Linus
>

I'd suggest for the short summary:

"integrity: Introduce a Linux keyring for the Machine Owner Key (MOK)"

Given that "keyring" is such a saturated and ambiguous word, and this is not
a subsystem patch for keyring itself, it should be explicit what is meant
by a keyring.

/Jarkko