certs: Add a secondary system keyring that can be added to dynamically (d3bfe841) · Commits · Linaro / qcomlt / kernel

Commit d3bfe841 authored 8 years ago by David Howells

certs: Add a secondary system keyring that can be added to dynamically


Add a secondary system keyring that can be added to by root whilst the
system is running - provided the key being added is vouched for by a key
built into the kernel or already added to the secondary keyring.

Rename .system_keyring to .builtin_trusted_keys to distinguish it more
obviously from the new keyring (called .secondary_trusted_keys).

The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.

If the secondary keyring is enabled, a link is created from that to
.builtin_trusted_keys so that the the latter will automatically be searched
too if the secondary keyring is searched.

Signed-off-by: David Howells <dhowells@redhat.com>

parent 77f68bac

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 88 additions and 16 deletions

Please register or to comment