Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.0.7 2014-07-17T13:35:15+00:00 2014-07-17T13:35:15+00:00 Mimi Zohar zohar@linux.vnet.ibm.com 2013-08-20T18:36:27+00:00 urn:sha1:3be4beaf7c91ec9c6fefa5f11173af37113d10ae Only public keys, with certificates signed by an existing 'trusted' key on the system trusted keyring, should be added to a trusted keyring. This patch adds support for verifying a certificate's signature. This is derived from David Howells pkcs7_request_asymmetric_key() patch. Changelog v6: - on error free key - Dmitry - validate trust only for not already trusted keys - Dmitry - formatting cleanup Changelog: - define get_system_trusted_keyring() to fix kbuild issues Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> 2013-09-25T16:17:01+00:00 David Howells dhowells@redhat.com 2013-08-30T15:07:30+00:00 urn:sha1:b56e5a17b6b9acd16997960504b9940d0d7984e7 Separate the kernel signature checking keyring from module signing so that it can be used by code other than the module-signing code. Signed-off-by: David Howells <dhowells@redhat.com>