• David Howells's avatar
    KEYS: Move the point of trust determination to __key_link() · cbf44a8c
    David Howells authored
    Move the point at which a key is determined to be trustworthy to
    __key_link() so that we use the contents of the keyring being linked in to
    to determine whether the key being linked in is trusted or not.
    
    What is 'trusted' then becomes a matter of what's in the keyring.
    
    Currently, the test is done when the key is parsed, but given that at that
    point we can only sensibly refer to the contents of the system trusted
    keyring, we can only use that as the basis for working out the
    trustworthiness of a new key.
    
    With this change, a trusted keyring is a set of keys that once the
    trusted-only flag is set cannot be added to except by verification through
    one of the contained keys.
    
    Further, adding a key into a trusted keyring, whilst it might grant
    trustworthiness in the context of that keyring, does not automatically
    grant trustworthiness in the context of a second keyring to which it could
    be secondarily linked.
    
    To accomplish this, the authentication data associated with the key source
    must now be retained.  For an X.509 cert, this means the contents of the
    AuthorityKeyIdentifier and the signature data.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    cbf44a8c
ima_mok.c 1.52 KB