Hi,

Contents:

- Restrict linking of keys to .ima and .evm keyrings based on
  digitalSignature attribute in the certificate.
- PowerVM: load machine owner keys into the .machine [1] keyring.
- PowerVM: load module signing keys into the secondary trusted keyring
  (keys blessed by the vendor).
- tpm_tis_spi: half-duplex transfer mode
- tpm_tis: retry corrupted transfers
- Apply revocation list (.mokx) to an all system keyrings (e.g. .machine
  keyring).

[1] https://blogs.oracle.com/linux/post/the-machine-keyring

BR, Jarkko
-----BEGIN PGP SIGNATURE-----

iIgEABYIADAWIQRE6pSOnaBC00OEHEIaerohdGur0gUCZN5/qBIcamFya2tvQGtl
cm5lbC5vcmcACgkQGnq6IXRrq9J4GQEAstTtQfGGrx5KInOTMWOvaq/Cum5iW4AD
NefVfbUtCCQBANvFtxoPYQS5u6+rIdxzIwFiNUlOyt2uR2bkk4UUiPML
=Vvs8
-----END PGP SIGNATURE-----