[PATCH v8 13/17] integrity: store reference to machine keyring
Darren Kenny
darren.kenny at oracle.com
Mon Feb 14 12:27:17 UTC 2022
On Tuesday, 2021-11-23 at 23:41:20 -05, Eric Snowberg wrote:
> Store a reference to the machine keyring in system keyring code. The
> system keyring code needs this to complete the keyring link to
> to machine keyring.
>
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
Reviewed-by: Darren Kenny <darren.kenny at oracle.com>
> ---
> v2: Initial version
> v3: Unmodified from v2
> v4: Removed trust_moklist check
> v5: Rename to machine keyring
> v8: Unmodified from v5
> ---
> security/integrity/digsig.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> index 74f73f7cc4fe..109b58840d45 100644
> --- a/security/integrity/digsig.c
> +++ b/security/integrity/digsig.c
> @@ -116,6 +116,8 @@ static int __init __integrity_init_keyring(const unsigned int id,
> } else {
> if (id == INTEGRITY_KEYRING_PLATFORM)
> set_platform_trusted_keys(keyring[id]);
> + if (id == INTEGRITY_KEYRING_MACHINE)
> + set_machine_trusted_keys(keyring[id]);
> if (id == INTEGRITY_KEYRING_IMA)
> load_module_cert(keyring[id]);
> }
> --
> 2.18.4
More information about the Linux-security-module-archive
mailing list