• Mimi Zohar's avatar
    certs: Only allow certs signed by keys on the builtin keyring · b4650306
    Mimi Zohar authored
    Originally the secondary trusted keyring provided a keyring to which extra
    keys may be added, provided those keys were not blacklisted and were
    vouched for by a key built into the kernel or already in the secondary
    trusted keyring.
    
    On systems with the machine keyring configured, additional keys may also
    be vouched for by a key on the machine keyring.
    
    Prevent loading additional certificates directly onto the secondary
    keyring, vouched for by keys on the machine keyring, yet allow these
    certificates to be loaded onto other trusted keyrings.
    Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    b4650306
restrict.c 11 KB