Google Git
Sign in
kernel / pub / scm / linux / kernel / git / dhowells / linux-modsign / 888252a954292b704d459c454951196eb1651d78
commit888252a954292b704d459c454951196eb1651d78[log] [tgz]
authorJosh Boyer <jwboyer@redhat.com>Thu Aug 16 15:19:12 2012 +0100
committerDavid Howells <dhowells@redhat.com>Thu Aug 16 15:19:12 2012 +0100
tree491c6726d390a4934c1ea0df276175e9c60f76bc
parente5d89667511a41d9da392b22199d80a37f0174b5 [diff]
MODSIGN: Allow modules to be signed with an unknown key unless enforcing

Currently we fail the loading of modules that are signed with a public key
that is not in the modsign keyring even if we are not in enforcing mode.
This is somewhat at odds with the fact that we allow a completely unsigned
module to load in such a case.

We should allow modules signed with an unknown key to load in cases
where we are not enforcing and not in FIPS mode.

Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed
tree: 491c6726d390a4934c1ea0df276175e9c60f76bc
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS