Google Git
Sign in
kernel / pub / scm / linux / kernel / git / dhowells / linux-modsign / devel-pekey
commit170dec90e9c3a4a1cc38a9684a1c7748f77476e8[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Tue Jul 08 19:07:52 2014 +0100
committerDavid Howells <dhowells@redhat.com>Tue Jul 08 19:07:52 2014 +0100
tree3c18795858149fe4450fbe930a40f31c05e81dbf
parent490b28ed5e09e42a3f069b8d84c0b23025cd2003 [diff]
pefile: Load the contained key if we consider the container to be validly signed

Load the key contained in the PE binary if the signature on the container can
be verified by following the chain of X.509 certificates in the PKCS#7 message
to a key that we already trust.  Typically, the trusted key will be acquired
from a source outside of the kernel, such as the UEFI database.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
3 files changed
tree: 3c18795858149fe4450fbe930a40f31c05e81dbf
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS