Thread (33 messages) 33 messages, 5 authors, 2021-09-02
STALE1775d
Revisions (8)
  1. rfc [diff vs current]
  2. v2 [diff vs current]
  3. v3 [diff vs current]
  4. v4 current
  5. v5 [diff vs current]
  6. v6 [diff vs current]
  7. v7 [diff vs current]
  8. v8 [diff vs current]

[PATCH v4 09/12] KEYS: link secondary_trusted_keys to mok trusted keys

From: Eric Snowberg <eric.snowberg@oracle.com>
Date: 2021-08-19 00:22:50
Also in: keyrings, linux-crypto, linux-integrity, lkml
Subsystem: certificate handling, the rest · Maintainers: David Howells, David Woodhouse, Linus Torvalds

Allow the .mok keyring to be linked to the secondary_trusted_keys.  After
the link is created, keys contained in the .mok keyring will automatically
be searched when searching secondary_trusted_keys.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
---
v3: Initial version
v4: Unmodified from v3
---
 certs/system_keyring.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 1c39af137cf1..4ce39b4ccc04 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -101,6 +101,9 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void
 void __init set_mok_trusted_keys(struct key *keyring)
 {
 	mok_trusted_keys = keyring;
+
+	if (key_link(secondary_trusted_keys, mok_trusted_keys) < 0)
+		panic("Can't link (mok) trusted keyrings\n");
 }
 
 /**
-- 
2.18.4
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help