www.infradead.org Git - users/hch/block.git/commit
dm verity: fallback to platform keyring also if key in trusted keyring is rejected
author Luca Boccassi <bluca@debian.org>
Sun, 22 Sep 2024 16:17:53 +0000 (18:17 +0200)
committer Mikulas Patocka <mpatocka@redhat.com>
Thu, 26 Sep 2024 15:27:08 +0000 (17:27 +0200)
commit 579b2ba40ece57f3f9150f59dfe327e60a5445b5
tree 83779bcb961c69aa71605a7abe6cad6745d044c6
parent e6a3531dd542cb127c8de32ab1e54a48ae19962b
dm verity: fallback to platform keyring also if key in trusted keyring is rejected

If enabled, we fall back to the platform keyring if the trusted keyring doesn't have
the key used to sign the roothash. But if pkcs7_verify() rejects the key for other
reasons, such as usage restrictions, we do not fall back. Do so.

Follow-up for 6fce1f40e95182ebbfe1ee3096b8fc0b37903269

Suggested-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Luca Boccassi <bluca@debian.org>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
drivers/md/dm-verity-verify-sig.c
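
The behaviour change described in the commit message, as an added userspace model that is not the kernel code from this commit. Every `model_*` name, the sample keyring contents, and the mapping of "key missing" to `-ENOKEY` and "key rejected for a usage restriction" to `-EKEYREJECTED` are assumptions of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a keyring entry; not a kernel structure. */
struct model_key {
    const char *id;   /* signer identity */
    bool usable;      /* false models a usage restriction on the key */
};
struct model_keyring { const struct model_key *keys; size_t nkeys; };

/* Stand-in for the PKCS#7 check against one keyring (assumed error mapping). */
static int model_verify(const struct model_keyring *kr, const char *signer)
{
    for (size_t i = 0; i < kr->nkeys; i++)
        if (strcmp(kr->keys[i].id, signer) == 0)
            return kr->keys[i].usable ? 0 : -EKEYREJECTED;
    return -ENOKEY; /* signer not present in this keyring */
}

/* retry_on_rejected=false models the old behaviour, true the new one. */
static int model_verify_roothash(const struct model_keyring *first,
                                 const struct model_keyring *fallback,
                                 const char *signer, bool retry_on_rejected)
{
    int ret = model_verify(first, signer);

    if (ret == -ENOKEY || (retry_on_rejected && ret == -EKEYREJECTED))
        ret = model_verify(fallback, signer);
    return ret;
}

/* Constructed sample data: same signer in both keyrings, restricted in one. */
static const struct model_key trusted_keys[] = { { "vendor-ca", false } };
static const struct model_key platform_keys[] = { { "vendor-ca", true } };
static const struct model_keyring trusted = { trusted_keys, 1 };
static const struct model_keyring platform = { platform_keys, 1 };
static const struct model_keyring empty = { NULL, 0 };

int main(void)
{
    /* Old policy stops at the trusted keyring's rejection; new policy
     * retries on the platform keyring and succeeds. */
    return model_verify_roothash(&trusted, &platform, "vendor-ca", true);
}
```

In this model the fallback only changes which keyring is consulted second; a signer that neither keyring accepts still fails verification.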