diff options
author | Nayna Jain <nayna@linux.ibm.com> | 2021-04-09 16:35:07 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-04-09 16:40:20 +0200 |
commit | 6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0 (patch) | |
tree | 05c396347eaa59a17fe6819603f6eacc1cd546f9 /security | |
parent | ima: enable signing of modules with build time generated key (diff) | |
download | linux-6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0.tar.xz linux-6cbdfb3d91bab122033bd2ecae8c259cb6e4f7d0.zip |
ima: enable loading of build time generated key on .ima keyring
The kernel currently only loads the kernel module signing key onto the
builtin trusted keyring. Load the module signing key onto the IMA keyring
as well.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/digsig.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 250fb0836156..3b06a01bd0fd 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -111,6 +111,8 @@ static int __init __integrity_init_keyring(const unsigned int id, } else { if (id == INTEGRITY_KEYRING_PLATFORM) set_platform_trusted_keys(keyring[id]); + if (id == INTEGRITY_KEYRING_IMA) + load_module_cert(keyring[id]); } return err; |