mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-28 16:56:26 +00:00
b46503068c
Originally the secondary trusted keyring provided a keyring to which extra keys may be added, provided those keys were not blacklisted and were vouched for by a key built into the kernel or already in the secondary trusted keyring. On systems with the machine keyring configured, additional keys may also be vouched for by a key on the machine keyring. Prevent loading additional certificates directly onto the secondary keyring, vouched for by keys on the machine keyring, yet allow these certificates to be loaded onto other trusted keyrings. Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
---|---|---|
.. | ||
.gitignore | ||
blacklist_hashes.c | ||
blacklist.c | ||
blacklist.h | ||
check-blacklist-hashes.awk | ||
default_x509.genkey | ||
extract-cert.c | ||
Kconfig | ||
Makefile | ||
revocation_certificates.S | ||
system_certificates.S | ||
system_keyring.c |