diff options
author | David Howells <dhowells@redhat.com> | 2016-04-06 17:14:27 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2016-04-11 23:48:09 +0200 |
commit | d3bfe84129f65e0af2450743ebdab33d161d01c9 (patch) | |
tree | 37d567ed647f869e6a01cddcb40ec67b716204e0 /security | |
parent | KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED (diff) | |
download | linux-d3bfe84129f65e0af2450743ebdab33d161d01c9.tar.xz linux-d3bfe84129f65e0af2450743ebdab33d161d01c9.zip |
certs: Add a secondary system keyring that can be added to dynamically
Add a secondary system keyring that can be added to by root whilst the
system is running - provided the key being added is vouched for by a key
built into the kernel or already added to the secondary keyring.
Rename .system_keyring to .builtin_trusted_keys to distinguish it more
obviously from the new keyring (called .secondary_trusted_keys).
The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.
If the secondary keyring is enabled, a link is created from that to
.builtin_trusted_keys so that the the latter will automatically be searched
too if the secondary keyring is searched.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions