diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2020-04-15 06:23:20 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2020-04-15 06:23:20 +0200 |
commit | 5403e7c67e6625df392da2438d02c70442fd1952 (patch) | |
tree | 988c327386789b1b9fefe7ba1cebed2c7a387b32 /KEYS-Make-use-of-platform-keyring-for-module-signature.patch | |
parent | b1e22a960e2a6f39797e7d2022994df2176ad1e9 (diff) | |
parent | 0310b312a7e5dffcdf24ae835ed732f7a6a9c471 (diff) | |
download | kernel-5403e7c67e6625df392da2438d02c70442fd1952.tar.gz kernel-5403e7c67e6625df392da2438d02c70442fd1952.tar.xz kernel-5403e7c67e6625df392da2438d02c70442fd1952.zip |
blindly merge master, no adjustments to the new world order yet
Diffstat (limited to 'KEYS-Make-use-of-platform-keyring-for-module-signature.patch')
-rw-r--r-- | KEYS-Make-use-of-platform-keyring-for-module-signature.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch deleted file mode 100644 index 7c2a0b68d..000000000 --- a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 70cecc97a4fc1667472224558a50dd7b6c42c789 Mon Sep 17 00:00:00 2001 -From: Robert Holmes <robeholmes@gmail.com> -Date: Tue, 23 Apr 2019 07:39:29 +0000 -Subject: [PATCH] KEYS: Make use of platform keyring for module signature - verify - -This patch completes commit 278311e417be ("kexec, KEYS: Make use of -platform keyring for signature verify") which, while adding the -platform keyring for bzImage verification, neglected to also add -this keyring for module verification. - -As such, kernel modules signed with keys from the MokList variable -were not successfully verified. - -Signed-off-by: Robert Holmes <robeholmes@gmail.com> -Signed-off-by: Jeremy Cline <jcline@redhat.com> ---- - kernel/module_signing.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/kernel/module_signing.c b/kernel/module_signing.c -index 9d9fc678c91d..84ad75a53c83 100644 ---- a/kernel/module_signing.c -+++ b/kernel/module_signing.c -@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) - modlen -= sig_len + sizeof(ms); - info->len = modlen; - -- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - VERIFY_USE_SECONDARY_KEYRING, - VERIFYING_MODULE_SIGNATURE, - NULL, NULL); -+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { -+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, -+ VERIFY_USE_PLATFORM_KEYRING, -+ VERIFYING_MODULE_SIGNATURE, -+ NULL, NULL); -+ } -+ return ret; - } --- -2.21.0 |