Go to file
Yannik Sembritzki ea93102f32 Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
The split of .system_keyring into .builtin_trusted_keys and
.secondary_trusted_keys broke kexec, thereby preventing kernels signed by
keys which are now in the secondary keyring from being kexec'd.

Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
verify_pefile_signature().

Fixes: d3bfe84129 ("certs: Add a secondary system keyring that can be added to dynamically")
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-08-16 09:57:20 -07:00
arch Fix kexec forbidding kernels signed with keys in the secondary keyring to boot 2018-08-16 09:57:20 -07:00
block for-4.19/block-20180812 2018-08-14 10:23:25 -07:00
certs Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
crypto Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
Documentation pci-v4.19-changes 2018-08-16 09:21:54 -07:00
drivers pci-v4.19-changes 2018-08-16 09:21:54 -07:00
firmware
fs Just one jfs patch for 4.19 2018-08-15 22:47:23 -07:00
include Replace magic for trusting the secondary keyring with #define 2018-08-16 09:57:20 -07:00
init Consolidation of Kconfig files by Christoph Hellwig. 2018-08-15 13:05:12 -07:00
ipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
kernel drm pull for 4.19-rc1 2018-08-15 17:39:07 -07:00
lib SCSI misc on 20180815 2018-08-15 22:06:26 -07:00
LICENSES LICENSES: Add Linux-OpenIB license text 2018-04-27 16:41:53 -06:00
mm Consolidation of Kconfig files by Christoph Hellwig. 2018-08-15 13:05:12 -07:00
net Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-08-15 16:01:47 -07:00
samples Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
scripts Kconfig updates for v4.19 2018-08-15 12:50:10 -07:00
security Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-08-15 22:54:12 -07:00
sound ALSA: update dell-wmi mic-mute registration to new world order 2018-08-15 19:08:10 -07:00
tools pci-v4.19-changes 2018-08-16 09:21:54 -07:00
usr kbuild: rename built-in.o to built-in.a 2018-03-26 02:01:19 +09:00
virt arm64 updates for 4.19 2018-08-14 16:39:13 -07:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap mailmap: remap some of my email addresses to kernel.org address 2018-08-06 13:15:16 -04:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS/CREDITS: Drop METAG ARCHITECTURE 2018-03-05 16:34:24 +00:00
Kbuild
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS SCSI misc on 20180815 2018-08-15 22:06:26 -07:00
Makefile Kconfig updates for v4.19 2018-08-15 12:50:10 -07:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.