[PATCH 0/4] Unifrom keyring support across architectures and functions
9 months, 3 weeks ago
While testing KEXEC_SIG on powerpc I noticed discrepancy in support for
different keyrings across architectures and between KEXEC_SIG and
MODULE_SIG. Fix this by enabling suport for the missing keyrings.
The latter two patches obviously conflict with the ongoing module code
cleanup. If they turn out desirable I will add them to the other series
dealing with KEXEC_SIG.
The arm patches can be merged independently.
Michal Suchanek (4):
Fix arm64 kexec forbidding kernels signed with keys in the secondary
keyring to boot
kexec, KEYS, arm64: Make use of platform keyring for signature
kexec, KEYS, s390: Make use of built-in and secondary keyring for
module, KEYS: Make use of platform keyring for signature verification
arch/arm64/kernel/kexec_image.c | 13 +++++++++++--
arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
kernel/module_signing.c | 14 ++++++++++----
3 files changed, 34 insertions(+), 11 deletions(-)