From 0310b312a7e5dffcdf24ae835ed732f7a6a9c471 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Tue, 14 Apr 2020 17:53:23 -0400
Subject: kernel-5.7.0-0.rc1.20200414git8632e9b5645b.1

This is an automated commit generated from the
kernel-5.7.0-0.rc1.20200414git8632e9b5645b.1 tag in
https://gitlab.com/cki-project/kernel-ark.git
---
 ...-of-platform-keyring-for-module-signature.patch | 43 ----------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 KEYS-Make-use-of-platform-keyring-for-module-signature.patch

(limited to 'KEYS-Make-use-of-platform-keyring-for-module-signature.patch')

diff --git a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch b/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
deleted file mode 100644
index 7c2a0b68d..000000000
--- a/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 70cecc97a4fc1667472224558a50dd7b6c42c789 Mon Sep 17 00:00:00 2001
-From: Robert Holmes <robeholmes@gmail.com>
-Date: Tue, 23 Apr 2019 07:39:29 +0000
-Subject: [PATCH] KEYS: Make use of platform keyring for module signature
- verify
-
-This patch completes commit 278311e417be ("kexec, KEYS: Make use of
-platform keyring for signature verify") which, while adding the
-platform keyring for bzImage verification, neglected to also add
-this keyring for module verification.
-
-As such, kernel modules signed with keys from the MokList variable
-were not successfully verified.
-
-Signed-off-by: Robert Holmes <robeholmes@gmail.com>
-Signed-off-by: Jeremy Cline <jcline@redhat.com>
----
- kernel/module_signing.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index 9d9fc678c91d..84ad75a53c83 100644
---- a/kernel/module_signing.c
-+++ b/kernel/module_signing.c
-@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
- 	modlen -= sig_len + sizeof(ms);
- 	info->len = modlen;
- 
--	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+	ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
- 				      VERIFY_USE_SECONDARY_KEYRING,
- 				      VERIFYING_MODULE_SIGNATURE,
- 				      NULL, NULL);
-+	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
-+		ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+				VERIFY_USE_PLATFORM_KEYRING,
-+				VERIFYING_MODULE_SIGNATURE,
-+				NULL, NULL);
-+	}
-+	return ret;
- }
--- 
-2.21.0
-- 
cgit