Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorri...

[platform/kernel/linux-starfive.git] / arch / x86 / kernel / kexec-bzimage64.c

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 1f3b773..22f60dd 100644 (file)
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -538,9 +538,17 @@ static int bzImage64_cleanup(void *loader_data)
 #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
 static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
 {
-       return verify_pefile_signature(kernel, kernel_len,
-                                      VERIFY_USE_SECONDARY_KEYRING,
-                                      VERIFYING_KEXEC_PE_SIGNATURE);
+       int ret;
+
+       ret = verify_pefile_signature(kernel, kernel_len,
+                                     VERIFY_USE_SECONDARY_KEYRING,
+                                     VERIFYING_KEXEC_PE_SIGNATURE);
+       if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
+               ret = verify_pefile_signature(kernel, kernel_len,
+                                             VERIFY_USE_PLATFORM_KEYRING,
+                                             VERIFYING_KEXEC_PE_SIGNATURE);
+       }
+       return ret;
 }
 #endif