• Dmitry Kasatkin's avatar
    KEYS: validate certificate trust only with builtin keys · 32c4741c
    Dmitry Kasatkin authored
    Instead of allowing public keys, with certificates signed by any
    key on the system trusted keyring, to be added to a trusted keyring,
    this patch further restricts the certificates to those signed only by
    builtin keys on the system keyring.
    
    This patch defines a new option 'builtin' for the kernel parameter
    'keys_ownerid' to allow trust validation using builtin keys.
    
    Simplified Mimi's "KEYS: define an owner trusted keyring" patch
    
    Changelog v7:
    - rename builtin_keys to use_builtin_keys
    Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    32c4741c
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt/kvm Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...