projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a3af718) | patch
integrity: ignore keys failing CA restrictions on non-UEFI platform
authorNayna Jain <nayna@linux.ibm.com>
Tue, 15 Aug 2023 11:27:18 +0000 (07:27 -0400)
committerJarkko Sakkinen <jarkko@kernel.org>
Thu, 17 Aug 2023 20:12:35 +0000 (20:12 +0000)
commitbc02667698b0e828f566e031d5020298b8d0c5de
tree70d79e5cf7a2e3f26266d0f1d13db5d777b877batree | snapshot
parenta3af7188e360aea343611dd385056eec44e10175commit | diff
integrity: ignore keys failing CA restrictions on non-UEFI platform

On non-UEFI platforms, handle restrict_link_by_ca failures differently.

Certificates which do not satisfy CA restrictions on non-UEFI platforms
are ignored.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/platform_certs/machine_keyring.c diff | blob | history
Domain: System / Kernel;