Allow to enroll custom IMA keys (!2596) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Coiby Xu requested to merge coxu/centos-stream-9:ima_custom_key into main May 24, 2023

Bugzilla: https://bugzilla.redhat.com/2055205

This patch set allows enrolling customer keys for IMA signatures by enabling the .machine keyring for UEFI-based systems. Users will add their customer IMA CA certifciates/keys to the MOK list and the keys will eventually be loaded to the .machine keyring which is linked the the .secondary_trusted_keys keyring.

Signed-off-by: Coiby Xu coxu@redhat.com

Allow to enroll custom IMA keys

Merge request reports