27 lines
925 B
Diff
27 lines
925 B
Diff
From: David Howells <dhowells@redhat.com>
|
|
Date: Wed, 5 Apr 2017 17:40:30 +0100
|
|
Subject: [42/62] Enforce module signatures if the kernel is locked down
|
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a9643aef5a6c576f32a97053b4024638943044ca
|
|
|
|
If the kernel is locked down, require that all modules have valid
|
|
signatures that we can verify.
|
|
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
---
|
|
kernel/module.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/kernel/module.c b/kernel/module.c
|
|
index 7eba6dea4f41..3331f2eb9b93 100644
|
|
--- a/kernel/module.c
|
|
+++ b/kernel/module.c
|
|
@@ -2756,7 +2756,7 @@ static int module_sig_check(struct load_info *info, int flags)
|
|
}
|
|
|
|
/* Not having a signature is only an error if we're strict. */
|
|
- if (err == -ENOKEY && !sig_enforce)
|
|
+ if (err == -ENOKEY && !sig_enforce && !kernel_is_locked_down())
|
|
err = 0;
|
|
|
|
return err;
|