21 Dec, 2012
1 commit
-
Use keyring_alloc() to create special keyrings now that it has
a permissions parameter rather than using key_alloc() +
key_instantiate_and_link().Signed-off-by: David Howells
Cc: Rusty Russell
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
14 Dec, 2012
1 commit
-
Using the asm .incbin statement in C sources breaks any gcc wrapper which
assumes that preprocessed C source is self-contained. Use a separate .S
file to include the siging key and certificate.[ This means we no longer need SYMBOL_PREFIX which is defined in kernel.h
from cbdbf2abb7844548a7d7a6a2ae7af6b6fbcea401, so I removed it -- RR ]Tested-by: Michal Marek
Signed-off-by: Takashi Iwai
Signed-off-by: Rusty Russell
Acked-by: James Hogan
03 Dec, 2012
1 commit
-
Add the arch symbol prefix (if applicable) to the asm definition of
modsign_certificate_list and modsign_certificate_list_end. This uses the
recently defined SYMBOL_PREFIX which is derived from
CONFIG_SYMBOL_PREFIX.This fixes the build of module signing on the blackfin and metag
architectures.Signed-off-by: James Hogan
Cc: Rusty Russell
Cc: David Howells
Cc: Mike Frysinger
Signed-off-by: Rusty Russell
10 Oct, 2012
1 commit
-
Include a PGP keyring containing the public keys required to perform module
verification in the kernel image during build and create a special keyring
during boot which is then populated with keys of crypto type holding the public
keys found in the PGP keyring.These can be seen by root:
[root@andromeda ~]# cat /proc/keys
07ad4ee0 I----- 1 perm 3f010000 0 0 crypto modsign.0: RSA 87b9b3bd []
15c7f8c3 I----- 1 perm 1f030000 0 0 keyring .module_sign: 1/4
...It is probably worth permitting root to invalidate these keys, resulting in
their removal and preventing further modules from being loaded with that key.Signed-off-by: David Howells
Signed-off-by: Rusty Russell