mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
f40998a8e6
If enabled, we fallback to the platform keyring if the trusted keyring doesn't have the key used to sign the ipe policy. But if pkcs7_verify() rejects the key for other reasons, such as usage restrictions, we do not fallback. Do so, following the same change in dm-verity. Signed-off-by: Luca Boccassi <bluca@debian.org> Suggested-by: Serge Hallyn <serge@hallyn.com> [FW: fixed some line length issues and a typo in the commit message] Signed-off-by: Fan Wu <wufan@kernel.org> |
||
---|---|---|
.. | ||
.gitignore | ||
audit.c | ||
audit.h | ||
digest.c | ||
digest.h | ||
eval.c | ||
eval.h | ||
fs.c | ||
fs.h | ||
hooks.c | ||
hooks.h | ||
ipe.c | ||
ipe.h | ||
Kconfig | ||
Makefile | ||
policy_fs.c | ||
policy_parser.c | ||
policy_parser.h | ||
policy_tests.c | ||
policy.c | ||
policy.h |