mirror of https://github.com/torvalds/linux.git
f40998a8e6
If enabled, we fallback to the platform keyring if the trusted keyring doesn't have the key used to sign the ipe policy. But if pkcs7_verify() rejects the key for other reasons, such as usage restrictions, we do not fallback. Do so, following the same change in dm-verity. Signed-off-by: Luca Boccassi <bluca@debian.org> Suggested-by: Serge Hallyn <serge@hallyn.com> [FW: fixed some line length issues and a typo in the commit message] Signed-off-by: Fan Wu <wufan@kernel.org> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| Kconfig | ||
| Makefile | ||
| audit.c | ||
| audit.h | ||
| digest.c | ||
| digest.h | ||
| eval.c | ||
| eval.h | ||
| fs.c | ||
| fs.h | ||
| hooks.c | ||
| hooks.h | ||
| ipe.c | ||
| ipe.h | ||
| policy.c | ||
| policy.h | ||
| policy_fs.c | ||
| policy_parser.c | ||
| policy_parser.h | ||
| policy_tests.c | ||