KEYS: store reference to machine keyring

Expose the .machine keyring created in integrity code by adding a reference. Store a reference to the machine keyring in system keyring code. The system keyring code needs this to complete the keyring link to the machine keyring. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
author: Eric Snowberg <eric.snowberg@oracle.com> 2022-01-25 21:58:30 -0500
committer: Jarkko Sakkinen <jarkko@kernel.org> 2022-03-08 13:55:52 +0200
commit: 56edb6c25f11f25df153f4804f2d5bced2b49a9e (patch)
tree: 385a1e2f53f72f4c4ba2a198dcc8db85b1775784 /security
parent: integrity: add new keyring handler for mok keys (diff)
download: linux-dev-56edb6c25f11f25df153f4804f2d5bced2b49a9e.tar.xz
linux-dev-56edb6c25f11f25df153f4804f2d5bced2b49a9e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 2b7fa85613c0..7b719aa76188 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -112,6 +112,8 @@ static int __init __integrity_init_keyring(const unsigned int id,
 	} else {
 		if (id == INTEGRITY_KEYRING_PLATFORM)
 			set_platform_trusted_keys(keyring[id]);
+		if (id == INTEGRITY_KEYRING_MACHINE)
+			set_machine_trusted_keys(keyring[id]);
 		if (id == INTEGRITY_KEYRING_IMA)
 			load_module_cert(keyring[id]);
 	}
author	Eric Snowberg <eric.snowberg@oracle.com>	2022-01-25 21:58:30 -0500
committer	Jarkko Sakkinen <jarkko@kernel.org>	2022-03-08 13:55:52 +0200
commit	56edb6c25f11f25df153f4804f2d5bced2b49a9e (patch)
tree	385a1e2f53f72f4c4ba2a198dcc8db85b1775784 /security
parent	integrity: add new keyring handler for mok keys (diff)
download	linux-dev-56edb6c25f11f25df153f4804f2d5bced2b49a9e.tar.xz linux-dev-56edb6c25f11f25df153f4804f2d5bced2b49a9e.zip