Date: Tue, 6 Nov 2018 15:21:30 -0800
In-Reply-To: <20181022222614.41016-1-mikewu@google.com>
Message-Id: <20181106232130.33932-1-mikewu@google.com>
Subject: [PATCH v2] modsign: use all trusted keys to verify module signature
From: Ke Wu
To: Jessica Yu, David Howells
Cc: Ke Wu, linux-kernel@vger.kernel.org

Make mod_verify_sig use all trusted keys. This allows keys in
secondary_trusted_keys to be used to verify the PKCS#7 signature on a
kernel module.

Signed-off-by: Ke Wu
---
Changelog since v1:
- Use VERIFY_USE_SECONDARY_KEYRING rather than (void *)1UL

kernel/module_signing.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/module_signing.c b/kernel/module_signing.c index f2075ce8e4b3..6b9a926fd86b 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c @@ -83,6 +83,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) } return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - NULL, VERIFYING_MODULE_SIGNATURE, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, NULL, NULL); }
--
2.19.1.930.g4563a0d9d0-goog
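
Review bot: in the verify_pkcs7_signature() call in mod_verify_sig(), the trusted-keys argument changes from NULL to VERIFY_USE_SECONDARY_KEYRING unconditionally, and the commit message does not state the trust consequence of that. With this change any key present in secondary_trusted_keys can authorise a module load, so the description should say who can add keys to that keyring and under what checks, and what the call does on a kernel built without a secondary keyring. A one-line comment above the call naming the keyrings now consulted would also help the next reader of this function.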