linux-next/security/ipe
Luca Boccassi f40998a8e6 ipe: fallback to platform keyring also if key in trusted keyring is rejected
If enabled, we fallback to the platform keyring if the trusted keyring
doesn't have the key used to sign the ipe policy. But if pkcs7_verify()
rejects the key for other reasons, such as usage restrictions, we do not
fallback. Do so, following the same change in dm-verity.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Suggested-by: Serge Hallyn <serge@hallyn.com>
[FW: fixed some line length issues and a typo in the commit message]
Signed-off-by: Fan Wu <wufan@kernel.org>
2024-10-18 12:14:53 -07:00
..
.gitignore scripts: add boot policy generation program 2024-08-20 14:03:39 -04:00
audit.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
audit.h ipe: add permissive toggle 2024-08-20 14:02:27 -04:00
digest.c ipe: add support for dm-verity as a trust provider 2024-08-20 14:02:45 -04:00
digest.h ipe: add support for dm-verity as a trust provider 2024-08-20 14:02:45 -04:00
eval.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
eval.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
fs.c scripts: add boot policy generation program 2024-08-20 14:03:39 -04:00
fs.h ipe: add userspace interface 2024-08-20 14:02:15 -04:00
hooks.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
hooks.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
ipe.c ipe: Remove duplicated include in ipe.c 2024-08-22 12:24:10 -04:00
ipe.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
Kconfig ipe: allow secondary and platform keyrings to install/update policies 2024-10-17 11:46:10 -07:00
Makefile ipe: kunit test for parser 2024-08-20 14:03:43 -04:00
policy_fs.c ipe: add userspace interface 2024-08-20 14:02:15 -04:00
policy_parser.c ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00
policy_parser.h ipe: add policy parser 2024-08-20 14:01:00 -04:00
policy_tests.c ipe: Add missing terminator to list of unit tests 2024-09-23 15:53:37 -04:00
policy.c ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
policy.h ipe: enable support for fs-verity as a trust provider 2024-08-20 14:03:35 -04:00