summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2016-04-06 17:14:27 +0200
committerDavid Howells <dhowells@redhat.com>2016-04-11 23:48:09 +0200
commitd3bfe84129f65e0af2450743ebdab33d161d01c9 (patch)
tree37d567ed647f869e6a01cddcb40ec67b716204e0 /security/integrity
parentKEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED (diff)
downloadlinux-d3bfe84129f65e0af2450743ebdab33d161d01c9.tar.xz
linux-d3bfe84129f65e0af2450743ebdab33d161d01c9.zip
certs: Add a secondary system keyring that can be added to dynamically
Add a secondary system keyring that can be added to by root whilst the system is running - provided the key being added is vouched for by a key built into the kernel or already added to the secondary keyring. Rename .system_keyring to .builtin_trusted_keys to distinguish it more obviously from the new keyring (called .secondary_trusted_keys). The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING. If the secondary keyring is enabled, a link is created from that to .builtin_trusted_keys so that the the latter will automatically be searched too if the secondary keyring is searched. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions