From e84cd7ee630e44a2cc8ae49e85920a271b214cb3 Mon Sep 17 00:00:00 2001 From: Ke Wu Date: Tue, 6 Nov 2018 15:21:30 -0800 Subject: [PATCH] modsign: use all trusted keys to verify module signature Make mod_verify_sig to use all trusted keys. This allows keys in secondary_trusted_keys to be used to verify PKCS#7 signature on a kernel module. Signed-off-by: Ke Wu Signed-off-by: Jessica Yu --- kernel/module_signing.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/module_signing.c b/kernel/module_signing.c index f2075ce..6b9a926 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c @@ -83,6 +83,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) } return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - NULL, VERIFYING_MODULE_SIGNATURE, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, NULL, NULL); } -- 2.7.4