1. 11 Apr, 2016 2 commits
    • David Howells's avatar
      certs: Add a secondary system keyring that can be added to dynamically · d3bfe841
      David Howells authored
      Add a secondary system keyring that can be added to by root whilst the
      system is running - provided the key being added is vouched for by a key
      built into the kernel or already added to the secondary keyring.
      
      Rename .system_keyring to .builtin_trusted_keys to distinguish it more
      obviously from the new keyring (called .secondary_trusted_keys).
      
      The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.
      
      If the secondary keyring is enabled, a link is created from that to
      .builtin_trusted_keys so that the the latter will automatically be searched
      too if the secondary keyring is searched.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d3bfe841
    • David Howells's avatar
      KEYS: Make the system trusted keyring depend on the asymmetric key type · 99716b7c
      David Howells authored
      Make the system trusted keyring depend on the asymmetric key type as
      there's not a lot of point having it if you can't then load asymmetric keys
      onto it.
      
      This requires the ASYMMETRIC_KEY_TYPE to be made a bool, not a tristate, as
      the Kconfig language doesn't then correctly force ASYMMETRIC_KEY_TYPE to
      'y' rather than 'm' if SYSTEM_TRUSTED_KEYRING is 'y'.
      
      Making SYSTEM_TRUSTED_KEYRING *select* ASYMMETRIC_KEY_TYPE instead doesn't
      work as the Kconfig interpreter then wrongly complains about dependency
      loops.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      99716b7c
  2. 26 Feb, 2016 1 commit
  3. 14 Aug, 2015 1 commit