[PATCH v8 13/17] integrity: store reference to machine keyring

Darren Kenny darren.kenny at oracle.com
Mon Feb 14 12:27:17 UTC 2022


On Tuesday, 2021-11-23 at 23:41:20 -05, Eric Snowberg wrote:
> Store a reference to the machine keyring in system keyring code. The
> system keyring code needs this to complete the keyring link to
> to machine keyring.
>
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>

Reviewed-by: Darren Kenny <darren.kenny at oracle.com>

> ---
> v2: Initial version
> v3: Unmodified from v2
> v4: Removed trust_moklist check
> v5: Rename to machine keyring
> v8: Unmodified from v5
> ---
>  security/integrity/digsig.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> index 74f73f7cc4fe..109b58840d45 100644
> --- a/security/integrity/digsig.c
> +++ b/security/integrity/digsig.c
> @@ -116,6 +116,8 @@ static int __init __integrity_init_keyring(const unsigned int id,
>  	} else {
>  		if (id == INTEGRITY_KEYRING_PLATFORM)
>  			set_platform_trusted_keys(keyring[id]);
> +		if (id == INTEGRITY_KEYRING_MACHINE)
> +			set_machine_trusted_keys(keyring[id]);
>  		if (id == INTEGRITY_KEYRING_IMA)
>  			load_module_cert(keyring[id]);
>  	}
> -- 
> 2.18.4



More information about the Linux-security-module-archive mailing list