git.baikalelectronics.ru Git - kernel.git/commit

author	Kairui Song <kasong@redhat.com>
	Mon, 21 Jan 2019 09:59:28 +0000 (17:59 +0800)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 4 Feb 2019 22:29:19 +0000 (17:29 -0500)
commit	bac1f0ae3cbff8c749d9a490bbdac5181495aaa8
tree	a79baecc80144b604d059a6828057210c7a06b9e	tree \| snapshot
parent	58af23a05af2d2ec5e21260e86cc6aebdd04b825	commit \| diff

integrity, KEYS: add a reference to platform keyring

commit 2ad5d49a9dbc ("integrity: Define a trusted platform keyring")
introduced a .platform keyring for storing preboot keys, used for
verifying kernel image signatures. Currently only IMA-appraisal is able
to use the keyring to verify kernel images that have their signature
stored in xattr.

This patch exposes the .platform keyring, making it accessible for
verifying PE signed kernel images as well.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Kairui Song <kasong@redhat.com>
Cc: David Howells <dhowells@redhat.com>
[zohar@linux.ibm.com: fixed checkpatch errors, squashed with patch fix]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

certs/system_keyring.c		diff \| blob \| history
include/keys/system_keyring.h		diff \| blob \| history
security/integrity/digsig.c		diff \| blob \| history