From: Kiviluoto, J. J <jaa...@in...> - 2016-11-10 08:34:08
Hi all,

What is the correct way to get a key loaded into the trusted ".ima" keyring?

If I try the CONFIG_IMA_LOAD_X509 way, this change removes the "KEY_ALLOC_TRUSTED" attribute required by a trusted keyring:
https://sourceforge.net/p/linux-ima/mailman/message/34449223/

Similar roadblock when trying to insert the key with
'keyctl padd asymmetric "" 0x12345678 < /etc/keys/x509_ima.der'
but that is expected.

Built-in keys from CONFIG_SYSTEM_TRUSTED_KEYS only go to system keyring, but I'd need to put one to ".ima".

Loading the key to untrusted "_ima" keyring seems to work fine, but then you can't use CONFIG_IMA_APPRAISE_SIGNED_INIT.

I'm using Linux kernel 4.4 with Yocto Krogoth branch.

Many thanks,
Jaakko