On Fri, Dec 04, 2020 at 02:01:36PM +, David Howells wrote:
> Mickaël Salaün wrote:
>
> > > What would be easiest way to smoke test the changes?
> >
> > An easy way to test it is to enable the second trusted keyring to
> > dynamically load certificates in the kernel. Then we can create a hash
Mickaël Salaün wrote:
> > What would be easiest way to smoke test the changes?
>
> An easy way to test it is to enable the second trusted keyring to
> dynamically load certificates in the kernel. Then we can create a hash
> of a valid certificate (but not loaded yet) and sign it as explained in
On Mon, Nov 30, 2020 at 09:23:59AM +0100, Mickaël Salaün wrote:
>
> On 30/11/2020 03:40, Jarkko Sakkinen wrote:
> > On Fri, Nov 20, 2020 at 07:04:17PM +0100, Mickaël Salaün wrote:
> >> Hi,
> >>
> >> This patch series mainly add a new configuration option to enable the
> >> root user to load signed
On 30/11/2020 03:40, Jarkko Sakkinen wrote:
> On Fri, Nov 20, 2020 at 07:04:17PM +0100, Mickaël Salaün wrote:
>> Hi,
>>
>> This patch series mainly add a new configuration option to enable the
>> root user to load signed keys in the blacklist keyring. This keyring is
>> useful to "untrust" certi
On Fri, Nov 20, 2020 at 07:04:17PM +0100, Mickaël Salaün wrote:
> Hi,
>
> This patch series mainly add a new configuration option to enable the
> root user to load signed keys in the blacklist keyring. This keyring is
> useful to "untrust" certificates or files. Enabling to safely update
> this
