mirror of https://gitee.com/openkylin/linux.git
modsign: use all trusted keys to verify module signature
Make mod_verify_sig to use all trusted keys. This allows keys in secondary_trusted_keys to be used to verify PKCS#7 signature on a kernel module. Signed-off-by: Ke Wu <mikewu@google.com> Signed-off-by: Jessica Yu <jeyu@kernel.org>
This commit is contained in:
parent
651022382c
commit
e84cd7ee63
|
@ -83,6 +83,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
|
||||||
}
|
}
|
||||||
|
|
||||||
return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
|
return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
|
||||||
NULL, VERIFYING_MODULE_SIGNATURE,
|
VERIFY_USE_SECONDARY_KEYRING,
|
||||||
|
VERIFYING_MODULE_SIGNATURE,
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue