Allow the .mok keyring to be linked to the secondary_trusted_keys. After the link is created, keys contained in the .mok keyring will automatically be searched when searching secondary_trusted_keys. Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx> --- v3: Initial version v4: Unmodified from v3 --- certs/system_keyring.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 1c39af137cf1..4ce39b4ccc04 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -101,6 +101,9 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void void __init set_mok_trusted_keys(struct key *keyring) { mok_trusted_keys = keyring; + + if (key_link(secondary_trusted_keys, mok_trusted_keys) < 0) + panic("Can't link (mok) trusted keyrings\n"); } /** -- 2.18.4