[Ksummit-discuss] Last minute nominations: mcgrof and toshi

Luis R. Rodriguez mcgrof at suse.com
Wed Jul 27 18:57:48 UTC 2016


On Wed, Jul 27, 2016 at 01:51:15PM -0400, James Bottomley wrote:
> On Wed, 2016-07-27 at 19:20 +0200, Luis R. Rodriguez wrote:
> > > As an aside to the aside, perhaps we want the .builtin_trusted_keys 
> > > to be mutable up to the point the kernel finishes init and then
> > > immutable after.  That would allow us to update it from the initrd 
> > > if the composition of the secure boot keys was in question.
> > 
> > Are you aware of other similar uses before?
> 
> Similar uses of what?
> 
> Runtime immutable but boot time mutable?  Yes, it's the UEFI variable
> lock protocol.
> 
> Not wanting to put Microsoft keys in the immutable trusted keyring? No,
> it was just a suspicion based on how I'd feel if my secure boot system
> still had a MS key.

I'm currently generalizing some APIs for custom section uses, and
this may be one use case to generalize further. If this is done 
per variable rather than per section, that's different though. Of
course we may still want this done per section instead, up to
implementation.

  Luis

