diff options
author | Nayna Jain <nayna@linux.ibm.com> | 2021-04-09 16:35:07 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-04-09 16:40:20 +0200 |
commit | 6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0 (patch) | |
tree | 05c396347eaa59a17fe6819603f6eacc1cd546f9 /include/keys | |
parent | ima: enable signing of modules with build time generated key (diff) | |
download | linux-6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0.tar.xz linux-6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0.zip |
ima: enable loading of build time generated key on .ima keyring
The kernel currently only loads the kernel module signing key onto the
builtin trusted keyring. Load the module signing key onto the IMA keyring
as well.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'include/keys')
-rw-r--r-- | include/keys/system_keyring.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index fb8b07daa9d1..f954276c616a 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h @@ -16,9 +16,16 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring, const struct key_type *type, const union key_payload *payload, struct key *restriction_key); +extern __init int load_module_cert(struct key *keyring); #else #define restrict_link_by_builtin_trusted restrict_link_reject + +static inline __init int load_module_cert(struct key *keyring) +{ + return 0; +} + #endif #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING |