Hi Eric,
On Fri, 2025-01-03 at 23:27 +, Eric Snowberg wrote:
> > > +config SECURITY_CLAVIS
> > > + bool "Clavis keyring"
> >
> > Isn't SECURITY_CLAVIS the new LSM? Why is the bool defined as just "Clavis
> > keyring"?
> >
> > > + depends on SECURITY
> > > + select SYSTEM_DATA_VERIFICATION
>
> On Dec 23, 2024, at 5:01 PM, Mimi Zohar wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> Introduce a new system keyring called clavis. This keyring shall contain
>> a single asymmetric key. This key may be linked to a key already
>> contained in one of the system keyri
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> Introduce a new system keyring called clavis. This keyring shall contain
> a single asymmetric key. This key may be linked to a key already
> contained in one of the system keyrings (builtin, secondary, or platform).
Although "This key m
On Thu, 2024-10-17 at 20:34 +, Eric Snowberg wrote:
>
>
> > On Oct 17, 2024, at 10:50 AM, Jarkko Sakkinen
> > wrote:
> >
> > On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> > > +static struct asymmetric_key_id *clavis_parse_boot_param(char
> > > *kid,
> > > struct asymmetric_key_i
> On Oct 17, 2024, at 10:50 AM, Jarkko Sakkinen wrote:
>
> On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
>> +static struct asymmetric_key_id *clavis_parse_boot_param(char *kid,
>> struct asymmetric_key_id *akid,
>> + int
>> akid_max_len)
>> +{
>> + int error, hex_len;
>> +
>> + if (!k
On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> +static struct asymmetric_key_id *clavis_parse_boot_param(char *kid,
> struct asymmetric_key_id *akid,
> + int
> akid_max_len)
> +{
> + int error, hex_len;
> +
> + if (!kid)
> +
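Review bot: in the clavis_parse_boot_param() signature, akid_max_len is a signed int, and the local hex_len is declared int as well. Both names describe lengths, so an unsigned type such as size_t would keep a negative value from being passed in as the buffer limit or produced as the parsed length. If int is kept deliberately, a short comment on the expected range of akid_max_len would help callers.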
Introduce a new system keyring called clavis. This keyring shall contain
a single asymmetric key. This key may be linked to a key already
contained in one of the system keyrings (builtin, secondary, or platform).
One way to add this key into this keyring is during boot by passing in the
asymmetr