Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-04-05 Thread Eric Snowberg
> On Apr 4, 2024, at 4:40 PM, Mimi Zohar wrote: > > Hi Eric, > >> diff --git a/certs/system_keyring.c b/certs/system_keyring.c >> index 9de610bf1f4b..b647be49f6e0 100644 >> --- a/certs/system_keyring.c >> +++ b/certs/system_keyring.c >> @@ -426,3 +426,32 @@ void __init set_platform_trusted_key

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-04-04 Thread Mimi Zohar
Hi Eric, > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 9de610bf1f4b..b647be49f6e0 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -426,3 +426,32 @@ void __init set_platform_trusted_keys(struct key > *keyring) > platform_trusted_keys = keyrin

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-12 Thread Jarkko Sakkinen
On Mon Mar 11, 2024 at 11:31 PM EET, Eric Snowberg wrote:
>
> > On Mar 11, 2024, at 1:18 PM, Jarkko Sakkinen wrote:
> >
> > On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
> >> + return -1;
> >
> > Missed this one: why a magic number?
>
> Good point, I'll change this to return -ENOKEY

RE: [EXTERNAL] [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Bharat Bhushan

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Eric Snowberg
> On Mar 11, 2024, at 1:18 PM, Jarkko Sakkinen wrote:
>
> On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
>> + return -1;
>
> Missed this one: why a magic number?

Good point, I'll change this to return -ENOKEY. Thanks.

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Eric Snowberg
> On Mar 11, 2024, at 1:16 PM, Jarkko Sakkinen wrote:
>
> On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
>> Introduce a new function to allow a keyring to link to a key contained
>> within one of the system keyrings (builtin, secondary, or platform).
>> Depending on how the kernel is

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Jarkko Sakkinen
On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
> + return -1;

Missed this one: why a magic number?

BR, Jarkko

Re: [PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Jarkko Sakkinen
On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
> Introduce a new function to allow a keyring to link to a key contained
> within one of the system keyrings (builtin, secondary, or platform).
> Depending on how the kernel is built, if the machine keyring is
> available, it will be checked

[PATCH RFC 1/8] certs: Introduce ability to link to a system key

2024-03-11 Thread Eric Snowberg
Introduce a new function to allow a keyring to link to a key contained within one of the system keyrings (builtin, secondary, or platform). Depending on how the kernel is built, if the machine keyring is available, it will be checked as well, since it is linked to the secondary keyring. If the asym