Merge tag 'iwlwifi-for-kalle-2019-03-22' of git://git.kernel.org/pub/scm/linux/kernel...

[linux-2.6-microblaze.git] / certs / system_keyring.c

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index da055e9..c05c29a 100644 (file)
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -240,11 +240,22 @@ int verify_pkcs7_signature(const void *data, size_t len,
 #else
                trusted_keys = builtin_trusted_keys;
 #endif
+       } else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) {
+#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
+               trusted_keys = platform_trusted_keys;
+#else
+               trusted_keys = NULL;
+#endif
+               if (!trusted_keys) {
+                       ret = -ENOKEY;
+                       pr_devel("PKCS#7 platform keyring is not available\n");
+                       goto error;
+               }
        }
        ret = pkcs7_validate_trust(pkcs7, trusted_keys);
        if (ret < 0) {
                if (ret == -ENOKEY)
-                       pr_err("PKCS#7 signature not signed with a trusted key\n");
+                       pr_devel("PKCS#7 signature not signed with a trusted key\n");
                goto error;
        }