author | Jeremy Cline <jcline@redhat.com> | 2019-04-23 14:21:09 +0000 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-04-23 14:21:09 +0000 |
commit | 3313b2c33243db60692efa7592f4d8500ba513a5 | |
tree | fc464624e0b458242455fc72355e2324406cb046 /kernel.spec | |
parent | 8f968e6f02434f4d0702fa562a1b364a353757c2 | |

Check module signatures with the platform keyring (if enabled)

Upstream has made a keyring to the platform keys. The "KEYS: Allow
unrestricted boot-time addition of keys to secondary keyring" is
available upstream for the platform keyring.

The only issue is that module signatures aren't checked with the
platform keyring, so this introduces a patch to add that which has been
sent upstream. At least our carried-patch count hasn't gone up.

Diffstat (limited to 'kernel.spec')
-rw-r--r-- | kernel.spec | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/kernel.spec b/kernel.spec index ada3efa8b..ea7952969 100644 --- a/kernel.spec +++ b/kernel.spec @@ -532,8 +532,6 @@ Patch122: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch Patch201: efi-lockdown.patch -Patch202: KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch - # bz 1497559 - Make kernel MODSIGN code not error on missing variables Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch Patch208: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch @@ -585,6 +583,10 @@ Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch Patch506: 0001-s390-jump_label-Correct-asm-contraint.patch Patch507: 0001-Drop-that-for-now.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1701096 +# Submitted upstream at https://lkml.org/lkml/2019/4/23/89 +Patch508: KEYS-Make-use-of-platform-keyring-for-module-signature.patch + # END OF PATCH DEFINITIONS %endif @@ -1858,6 +1860,9 @@ fi # # %changelog +* Tue Apr 23 2019 Jeremy Cline <jcline@redhat.com> +- Allow modules signed by keys in the platform keyring (rbhz 1701096) + * Mon Apr 22 2019 Jeremy Cline <jcline@redhat.com> - 5.1.0-0.rc6.git0.1 - Linux v5.1-rc6 |
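
Review bot: Dropping Patch202 (KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch) in the first hunk is not recorded in the %changelog entry this commit adds, which mentions only the platform keyring change. The dropped patch governed boot-time addition of keys to the secondary keyring, so its removal deserves its own changelog line. Also confirm the patch file itself is deleted from the tree, which a diffstat limited to kernel.spec does not show.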
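
Review bot: The comment above Patch508 in the second hunk gives the bug and the upstream submission link but does not say what the patch changes for trust: per the patch name and the changelog line, module signatures will now also be accepted from keys in the platform keyring. State that in the comment, together with the "if enabled" condition from the commit subject, so that whoever rebases the spec knows what is lost or kept if the upstream submission lands in a different form.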
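
Review bot: The new changelog line in the third hunk writes the bug reference as "rbhz 1701096"; the comment on Patch508 points at bugzilla.redhat.com for the same id, so this looks like a typo for "rhbz 1701096". Correct it so that a search for the bug by its usual prefix finds this entry.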