evm: load an x509 certificate from the kernel This patch defines a configuration option and the evm_load_x509() hook to load an X509 certificate onto the EVM trusted kernel keyring. Changes in v4: * Patch description updated Changes in v3: * Removed EVM_X509_PATH definition. CONFIG_EVM_X509_PATH is used directly. Changes in v2: * default key patch changed to /etc/keys Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

commit: 2ce523eb8976a12de1a4fb6fe8ad0b09b5dafb31 [log] [tgz]
author: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Thu Oct 22 21:26:21 2015 +0300
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> Tue Dec 15 08:31:19 2015 -0500
tree: 45b99ce12be798b8d4d75eadefd576d2aa430efe
parent: f4dc37785e9b3373d0cb93125d5579fed2af3a43 [diff] [blame]
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 75b7e30..519de0a 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c

@@ -472,6 +472,13 @@
 }
 EXPORT_SYMBOL_GPL(evm_inode_init_security);
 
+#ifdef CONFIG_EVM_LOAD_X509
+void __init evm_load_x509(void)
+{
+	integrity_load_x509(INTEGRITY_KEYRING_EVM, CONFIG_EVM_X509_PATH);
+}
+#endif
+
 static int __init init_evm(void)
 {
 	int error;
commit	2ce523eb8976a12de1a4fb6fe8ad0b09b5dafb31	[log] [tgz]
author	Dmitry Kasatkin <dmitry.kasatkin@huawei.com>	Thu Oct 22 21:26:21 2015 +0300
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	Tue Dec 15 08:31:19 2015 -0500
tree	45b99ce12be798b8d4d75eadefd576d2aa430efe
parent	f4dc37785e9b3373d0cb93125d5579fed2af3a43 [diff] [blame]