Message ID | 20210225125638.1841436-1-arnd@kernel.org (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | certs: select PKCS7_MESSAGE_PARSER if needed | expand |
Arnd Bergmann <arnd@kernel.org> wrote:
> + select PKCS7_MESSAGE_PARSER if INTEGRITY_PLATFORM_KEYRING
I think a better way to do it is to add a separate config option for dealing
with revocation certs, which is part of what I suggested here:
https://lore.kernel.org/keyrings/3731128.1614163916@warthog.procyon.org.uk/
David
On Thu, Feb 25, 2021 at 3:12 PM David Howells <dhowells@redhat.com> wrote: > > Arnd Bergmann <arnd@kernel.org> wrote: > > > + select PKCS7_MESSAGE_PARSER if INTEGRITY_PLATFORM_KEYRING > > I think a better way to do it is to add a separate config option for dealing > with revocation certs, which is part of what I suggested here: > > https://lore.kernel.org/keyrings/3731128.1614163916@warthog.procyon.org.uk/ Ok, sounds good. Can this make it into v5.12 though, or do we need an intermediate fix to avoid the build failure? Arnd
diff --git a/certs/Kconfig b/certs/Kconfig index 379a6e198459..21192bb25c79 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -68,6 +68,7 @@ config SECONDARY_TRUSTED_KEYRING config SYSTEM_BLACKLIST_KEYRING bool "Provide system-wide ring of blacklisted keys" depends on KEYS + select PKCS7_MESSAGE_PARSER if INTEGRITY_PLATFORM_KEYRING help Provide a system keyring to which blacklisted keys can be added. Keys in the keyring are considered entirely untrusted. Keys in this