git.baikalelectronics.ru Git - kernel.git/commit

author	Kairui Song <kasong@redhat.com>
	Mon, 21 Jan 2019 09:59:28 +0000 (17:59 +0800)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 4 Feb 2019 22:29:19 +0000 (17:29 -0500)
commit	e763f1a0bd5dcf213e0560971e38037da33dd2d6
tree	a79baecc80144b604d059a6828057210c7a06b9e	tree \| snapshot
parent	cae2724d61221ea79ff46e62015075e56bfe8cb2	commit \| diff

integrity, KEYS: add a reference to platform keyring

commit a4d39d79291a ("integrity: Define a trusted platform keyring")
introduced a .platform keyring for storing preboot keys, used for
verifying kernel image signatures. Currently only IMA-appraisal is able
to use the keyring to verify kernel images that have their signature
stored in xattr.

This patch exposes the .platform keyring, making it accessible for
verifying PE signed kernel images as well.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Kairui Song <kasong@redhat.com>
Cc: David Howells <dhowells@redhat.com>
[zohar@linux.ibm.com: fixed checkpatch errors, squashed with patch fix]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

certs/system_keyring.c		diff \| blob \| history
include/keys/system_keyring.h		diff \| blob \| history
security/integrity/digsig.c		diff \| blob \| history