From f7a55ba381de17d8e5511a97441944b797aa62a5 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Wed, 7 Oct 2020 09:54:44 -0500
Subject: kernel-5.9.0-0.rc8.20201007git7575fdda569b.29

* Wed Oct 07 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.9.0-0.rc8.20201007git7575fdda569b.29]
- Merge ark-patches
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
---
 ...se-of-platform-keyring-for-module-signatu.patch | 44 ----------------------
 1 file changed, 44 deletions(-)
 delete mode 100644 0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch

(limited to '0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch')

diff --git a/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch b/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
deleted file mode 100644
index c8426f6b5..000000000
--- a/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Robert Holmes <robeholmes@gmail.com>
-Date: Tue, 23 Apr 2019 07:39:29 +0000
-Subject: [PATCH] KEYS: Make use of platform keyring for module signature
- verify
-
-This patch completes commit 278311e417be ("kexec, KEYS: Make use of
-platform keyring for signature verify") which, while adding the
-platform keyring for bzImage verification, neglected to also add
-this keyring for module verification.
-
-As such, kernel modules signed with keys from the MokList variable
-were not successfully verified.
-
-Signed-off-by: Robert Holmes <robeholmes@gmail.com>
-Signed-off-by: Jeremy Cline <jcline@redhat.com>
----
- kernel/module_signing.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index 9d9fc678c91d..84ad75a53c83 100644
---- a/kernel/module_signing.c
-+++ b/kernel/module_signing.c
-@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
- 	modlen -= sig_len + sizeof(ms);
- 	info->len = modlen;
-
--	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+	ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
- 				      VERIFY_USE_SECONDARY_KEYRING,
- 				      VERIFYING_MODULE_SIGNATURE,
- 				      NULL, NULL);
-+	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
-+		ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+				VERIFY_USE_PLATFORM_KEYRING,
-+				VERIFYING_MODULE_SIGNATURE,
-+				NULL, NULL);
-+	}
-+	return ret;
- }
--- 
-2.28.0
-
-- 
cgit