------- Comment From <email address hidden> 2021-03-31 10:31 EDT-------
Hi,
> If the key is self-signed, shouldn't having the key in .builtin_trusted_keys
> allow for loading it into the IMA keyring? Or is that insufficient for some
> reason?
Yes, you could do that (I tried recently, in fact!), but then you'd need a userspace blob to perform that loading. As I understand it xnox isn't keen on more userspace blobs.
------- Comment From <email address hidden> 2021-03-31 10:31 EDT-------
Hi,
> If the key is self-signed, shouldn't having the key in .builtin_ trusted_ keys
> allow for loading it into the IMA keyring? Or is that insufficient for some
> reason?
Yes, you could do that (I tried recently, in fact!), but then you'd need a userspace blob to perform that loading. As I understand it xnox isn't keen on more userspace blobs.
Kind regards,
Daniel