diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-03-17 12:44:57 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-03-17 12:44:57 -0500 |
| commit | c7a5157d4de03982fcd2e3cd1f035858153ab349 (patch) | |
| tree | 668203ddf31d69847944bd024141f0df51734f08 /0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch | |
| parent | f1ef1f7f32c9a1eaf82dff51b2cc209b712a6b01 (diff) | |
| download | kernel-c7a5157d4de03982fcd2e3cd1f035858153ab349.tar.gz kernel-c7a5157d4de03982fcd2e3cd1f035858153ab349.tar.xz kernel-c7a5157d4de03982fcd2e3cd1f035858153ab349.zip | |
kernel-5.11.7-9
* Wed Mar 17 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.11.7-9]
- Disable weak-modules again rhbz 1828455 (Justin M. Forbes)
- More config updates for gcc-plugin turn off (Justin M. Forbes)
- fedora: the PCH_CAN driver is x86-32 only (Peter Robinson)
- common: disable legacy CAN device support (Peter Robinson)
- common: Enable Microchip MCP251x/MCP251xFD CAN controllers (Peter Robinson)
- common: Bosch MCAN support for Intel Elkhart Lake (Peter Robinson)
- common: enable CAN_PEAK_PCIEFD PCI-E driver (Peter Robinson)
- common: disable CAN_PEAK_PCIEC PCAN-ExpressCard (Peter Robinson)
- common: enable common CAN layer 2 protocols (Peter Robinson)
- ark: disable CAN_LEDS option (Peter Robinson)
Resolves: rhbz#
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to '0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch')
| -rw-r--r-- | 0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch b/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch deleted file mode 100644 index c8426f6b5..000000000 --- a/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Robert Holmes <robeholmes@gmail.com> -Date: Tue, 23 Apr 2019 07:39:29 +0000 -Subject: [PATCH] KEYS: Make use of platform keyring for module signature - verify - -This patch completes commit 278311e417be ("kexec, KEYS: Make use of -platform keyring for signature verify") which, while adding the -platform keyring for bzImage verification, neglected to also add -this keyring for module verification. - -As such, kernel modules signed with keys from the MokList variable -were not successfully verified. - -Signed-off-by: Robert Holmes <robeholmes@gmail.com> -Signed-off-by: Jeremy Cline <jcline@redhat.com> ---- - kernel/module_signing.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/kernel/module_signing.c b/kernel/module_signing.c -index 9d9fc678c91d..84ad75a53c83 100644 ---- a/kernel/module_signing.c -+++ b/kernel/module_signing.c -@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) - modlen -= sig_len + sizeof(ms); - info->len = modlen; - -- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - VERIFY_USE_SECONDARY_KEYRING, - VERIFYING_MODULE_SIGNATURE, - NULL, NULL); -+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ VERIFY_USE_PLATFORM_KEYRING, -+ VERIFYING_MODULE_SIGNATURE, -+ NULL, NULL); -+ } -+ return ret; - } --- -2.28.0 - |