kernel_linux/certs
David Howells d3bfe84129 certs: Add a secondary system keyring that can be added to dynamically
Add a secondary system keyring that can be added to by root whilst the
system is running - provided the key being added is vouched for by a key
built into the kernel or already added to the secondary keyring.

Rename .system_keyring to .builtin_trusted_keys to distinguish it more
obviously from the new keyring (called .secondary_trusted_keys).

The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.

If the secondary keyring is enabled, a link is created from that to
.builtin_trusted_keys so that the the latter will automatically be searched
too if the secondary keyring is searched.

Signed-off-by: David Howells <dhowells@redhat.com>
2016-04-11 22:48:09 +01:00
..
.gitignore certs: add .gitignore to stop git nagging about x509_certificate_list 2015-10-21 15:18:35 +01:00
Kconfig certs: Add a secondary system keyring that can be added to dynamically 2016-04-11 22:48:09 +01:00
Makefile modsign: hide openssl output in silent builds 2016-02-26 11:16:38 +00:00
system_certificates.S certs: Fix misaligned data in extra certificate list 2016-02-29 14:44:30 +00:00
system_keyring.c certs: Add a secondary system keyring that can be added to dynamically 2016-04-11 22:48:09 +01:00