Diffstat (limited to 'KEYS-Make-use-of-platform-keyring-for-module-signature.patch')
-rw-r--r--KEYS-Make-use-of-platform-keyring-for-module-signature.patch33
1 files changed, 11 insertions, 22 deletions
diff --git a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
index a13dcdba5..7c2a0b68d 100644
--- a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
+++ b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
@@ -13,42 +13,31 @@ As such, kernel modules signed with keys from the MokList variable
were not successfully verified.
Signed-off-by: Robert Holmes <robeholmes@gmail.com>
+Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
kernel/module_signing.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index 6b9a926fd86b..cf94220e9154 100644
+index 9d9fc678c91d..84ad75a53c83 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
-@@ -49,6 +49,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
- {
- struct module_signature ms;
- size_t sig_len, modlen = info->len;
-+ int ret;
-
- pr_devel("==>%s(,%zu)\n", __func__, modlen);
-
-@@ -82,8 +83,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
- return -EBADMSG;
- }
+@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
+ modlen -= sig_len + sizeof(ms);
+ info->len = modlen;
- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-- VERIFY_USE_SECONDARY_KEYRING,
-- VERIFYING_MODULE_SIGNATURE,
-- NULL, NULL);
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+ VERIFY_USE_SECONDARY_KEYRING,
-+ VERIFYING_MODULE_SIGNATURE,
-+ NULL, NULL);
+ VERIFY_USE_SECONDARY_KEYRING,
+ VERIFYING_MODULE_SIGNATURE,
+ NULL, NULL);
+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+ VERIFY_USE_PLATFORM_KEYRING,
-+ VERIFYING_MODULE_SIGNATURE,
-+ NULL, NULL);
++ VERIFY_USE_PLATFORM_KEYRING,
++ VERIFYING_MODULE_SIGNATURE,
++ NULL, NULL);
+ }
+ return ret;
}
--
2.21.0
-
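Review bot: The refreshed inner hunk keeps the `if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING))` retry in mod_verify_sig without any comment, although it widens the set of keys allowed to sign loadable modules. Going by the patch description, the platform keyring carries the MokList keys; it presumably also holds the firmware-provided db keys, so each of those becomes a module-signing trust anchor once this applies. I would put a comment above the branch, for example `/* No builtin/secondary key matched: retry against the platform keyring, which makes every firmware/MOK-enrolled key trusted for module loading. */`. It is also worth stating there that only -ENOKEY triggers the retry, so a signature rejected by a known key is not given a second chance. Whether revoked (dbx/blacklisted) keys are excluded on the platform path cannot be confirmed from this hunk and should be checked; mod_verify_sig's body starts above the visible context.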