aleph/lkl_linux
1
0
Fork 0
mirror of https://github.com/lkl/linux.git synced 2025-12-19 08:03:01 +09:00
Code Issues Packages Projects Releases Wiki Activity

ima: enable loading of build time generated key on .ima keyring

Browse Source 
The kernel currently only loads the kernel module signing key onto the
builtin trusted keyring. Load the module signing key onto the IMA keyring
as well.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Nayna Jain
2021-04-09 10:35:07 -04:00
committed by Mimi Zohar
parent 0165f4ca22
commit 6cbdfb3d91
4 changed files with 61 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/keys/system_keyring.h
View File

@@ -16,9 +16,16 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
const union key_payload *payload,
struct key *restriction_key);
extern __init int load_module_cert(struct key *keyring);
#else
#define restrict_link_by_builtin_trusted restrict_link_reject
static inline __init int load_module_cert(struct key *keyring)
{
return 0;
}
#endif
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING