Commit e84cd7ee authored by Ke Wu's avatar Ke Wu Committed by Jessica Yu
Browse files

modsign: use all trusted keys to verify module signature 



Make mod_verify_sig to use all trusted keys. This allows keys in
secondary_trusted_keys to be used to verify PKCS#7 signature on a
kernel module.

Signed-off-by: default avatarKe Wu <mikewu@google.com>
Signed-off-by: default avatarJessica Yu <jeyu@kernel.org>
parent 65102238

kernel/module_signing.c

+2 −1
Original line number Diff line number Diff line
@@ -83,6 +83,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) 
	}



	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,

				      NULL, VERIFYING_MODULE_SIGNATURE,

				      VERIFY_USE_SECONDARY_KEYRING,

				      VERIFYING_MODULE_SIGNATURE,

				      NULL, NULL);

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE