aboutsummaryrefslogtreecommitdiff
path: root/SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
diff options
context:
space:
mode:
Diffstat (limited to 'SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch')
-rw-r--r--SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch44
1 files changed, 0 insertions, 44 deletions
diff --git a/SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch b/SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
deleted file mode 100644
index c8426f6..0000000
--- a/SOURCES/0001-KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Robert Holmes <robeholmes@gmail.com>
-Date: Tue, 23 Apr 2019 07:39:29 +0000
-Subject: [PATCH] KEYS: Make use of platform keyring for module signature
- verify
-
-This patch completes commit 278311e417be ("kexec, KEYS: Make use of
-platform keyring for signature verify") which, while adding the
-platform keyring for bzImage verification, neglected to also add
-this keyring for module verification.
-
-As such, kernel modules signed with keys from the MokList variable
-were not successfully verified.
-
-Signed-off-by: Robert Holmes <robeholmes@gmail.com>
-Signed-off-by: Jeremy Cline <jcline@redhat.com>
----
- kernel/module_signing.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index 9d9fc678c91d..84ad75a53c83 100644
---- a/kernel/module_signing.c
-+++ b/kernel/module_signing.c
-@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
- modlen -= sig_len + sizeof(ms);
- info->len = modlen;
-
-- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
- VERIFY_USE_SECONDARY_KEYRING,
- VERIFYING_MODULE_SIGNATURE,
- NULL, NULL);
-+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
-+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
-+ VERIFY_USE_PLATFORM_KEYRING,
-+ VERIFYING_MODULE_SIGNATURE,
-+ NULL, NULL);
-+ }
-+ return ret;
- }
---
-2.28.0
-