Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp2805607ima; Mon, 22 Oct 2018 16:40:13 -0700 (PDT) X-Google-Smtp-Source: ACcGV60nn2LFxeJ1A1lhdhP55zodK4/Ghq61Y+tXc5l2Y80cuE1cwAfF/fgJYc7VGivCOWw9YBhb X-Received: by 2002:a63:844:: with SMTP id 65-v6mr43657048pgi.144.1540251613870; Mon, 22 Oct 2018 16:40:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540251613; cv=none; d=google.com; s=arc-20160816; b=UBz1ZvFQ/a1MqzKgkg0C6PXiFwxC/Z4i/1MJNN5YLdlmnaWY+yp5Kt43KzF6TqJ1+V 2jqZ6Y6TtlaXp7T4V8HF2ShLUDDl9NE6o71TIPFxLf90QbEOb2aZToawuit9uMjt49U1 n4bTdkBqDreuR0mjeOU69xGr9aDQrBjBDZCa1qkuSExHrV+NDPwOyJ8/eDGoFSd2gQlC xf4KHUNXv+04sUj4bUXRt2HO8s5kI4gNKzKvOiYuo9o+VHSnkN+a1O4kvUgJMiewRcHy 82siir8UAYjiDz8dwuLSJe6dd8y5x8tOlfvDQvdKIs1nYrKpX6LFBy4CUjwggkgXuYqo miCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=Q3CGUFLzNo51687OV1C9z6aLVTCBFRy+ju+5mzsjgro=; b=GpsBywsxd/SavifQ9lsHDAYQs1FW/k0cmgvXD3UWCYaacdqP8FpSsVy0SIYQZ9ZSFa fBGXJccFmZW6P7CmUXarKdGMsvqXY6tVLY5bk8/ooAX0BqDsQ3qPycZMxyfXVE0ubX9r CGR6M2MlIPd/b60AI5x2K0XAZdyh5PS7Eu5yXuF2yMzILBmDJwpLoKHrfB04AWkzE5C2 CQGBIiaslb0yH4PiMJcZ5O7Bfkpmvl+hVad/CGT9EzEoquRAbkqe1KUqtuhu5XbddL+w LivCrhpAu0VeDV9R9n2wX+WquJ9AKwEEmva6GwqBCArLcd2eA29aQQS8wRLm/RE7se8z bO1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Ck+hEc32; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id be12-v6si33972910plb.347.2018.10.22.16.39.59; Mon, 22 Oct 2018 16:40:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Ck+hEc32; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729211AbeJWGrK (ORCPT + 99 others); Tue, 23 Oct 2018 02:47:10 -0400 Received: from mail-oi1-f201.google.com ([209.85.167.201]:49517 "EHLO mail-oi1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727450AbeJWGrK (ORCPT ); Tue, 23 Oct 2018 02:47:10 -0400 Received: by mail-oi1-f201.google.com with SMTP id h21-v6so29820391oib.16 for ; Mon, 22 Oct 2018 15:26:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=Q3CGUFLzNo51687OV1C9z6aLVTCBFRy+ju+5mzsjgro=; b=Ck+hEc32DgszDuKxUKOmTV7epqtkDo1G0Ey6UFrP1353G79PQyGqDNblINcAtscFRY 27P0KmUoc1D+jyKLBsyHFNdZWkisF70bZtn4mOlflunGIZpmPbOstEuAALhr09zIJwiC 1d2DNwrNzaMNken7rzDu9J0fpe17alS7ee5LL23Q/hbHHrQjRicRx7j7pbSD0oMEDtnJ h29vRMYwfkwfNyTaR4ZyJuB7Js6uS99NTZt4qq+DORKrQGZ3PWnb9LtY6GvxgKcwc6tY nYkq7Dy8zMr+UYT/q/GyIbKpzIT+EM8wpRL7phg7+Tu0vE3iIOWQ6MqTwjXDEz3LgQ88 KbuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=Q3CGUFLzNo51687OV1C9z6aLVTCBFRy+ju+5mzsjgro=; b=LLnDvkZebFvA7QH8y6w3C1qrY/mZK/kcOoOwWPQcsu4gQv55Zch/ePwgiTxY5scZrP TlPvHR1hQltDVijU2XMqLASHKdgE274epg2JnnVRyyPV2TPgt9iUB3gwpfgccCKtI4CD LDhXNEUyUaHBUgnJRsy1AQOWF+0NUy1vIai8wWLPur54Yr96AOH9N5nZ9CF20d7FdnAm jnq8N3Wl+XU/aUUnr+Ei4p76nB4VFKizIVe1CnXP1LSGhCCAtOwm6KI1S7C0xKmIf95W X5V2zhcpTsU8GoHtrIp8O0bJ9kYJqM+Ee/N+a1+ANaLRBCs9PvFczhVSCeNP89yp7OuC yDtA== X-Gm-Message-State: ABuFfogHRTQRxJAdzO+4zySvwSJobdp5Aqm1IydI+HcV3poXMhO4p6nS wx/bgeFPEoFftfGlErkufDOw17+/r6o= X-Received: by 2002:a9d:70d6:: with SMTP id w22mr37443358otj.46.1540247204155; Mon, 22 Oct 2018 15:26:44 -0700 (PDT) Date: Mon, 22 Oct 2018 15:26:14 -0700 Message-Id: <20181022222614.41016-1-mikewu@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.19.1.568.g152ad8e336-goog Subject: [PATCH] modsign: use all trusted keys to verify module signature From: Ke Wu To: Jessica Yu , David Howells Cc: Ke Wu , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Make mod_verify_sig to use all trusted keys. This allows keys in secondary_trusted_keys to be used to verify PKCS#7 signature on a kernel module. Signed-off-by: Ke Wu --- kernel/module_signing.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/module_signing.c b/kernel/module_signing.c index f2075ce8e4b3..a8b923ba1a39 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c @@ -83,6 +83,6 @@ int mod_verify_sig(const void *mod, struct load_info *info) } return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - NULL, VERIFYING_MODULE_SIGNATURE, + (void *)1UL, VERIFYING_MODULE_SIGNATURE, NULL, NULL); } -- 2.19.1.568.g152ad8e336-goog