git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ffb70f6)
KEYS: validate certificate trust only with builtin keys
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Tue, 17 Jun 2014 08:56:59 +0000 (11:56 +0300)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 17 Jul 2014 13:35:17 +0000 (09:35 -0400)
Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed only by
builtin keys on the system keyring.

This patch defines a new option 'builtin' for the kernel parameter
'keys_ownerid' to allow trust validation using builtin keys.

Simplified Mimi's "KEYS: define an owner trusted keyring" patch

Changelog v7:
- rename builtin_keys to use_builtin_keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Documentation/kernel-parameters.txt patch | blob | history
crypto/asymmetric_keys/x509_public_key.c patch | blob | history
include/linux/key.h patch | blob | history
kernel/system_keyring.c patch | blob | history

diff --cc Documentation/kernel-parameters.txt
Simple merge
diff --cc include/linux/key.h
Simple merge
diff --cc kernel/system_keyring.c
Simple merge
Pandora Kernel Repository