Store a reference to the mok keyring in system keyring code. The reference is only set when trust_moklist is true. This prevents the mok keyring from linking to either the builtin or secondary trusted keyrings with an empty mok list. Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx> --- v2: Initial version --- security/integrity/digsig.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 3a12cc85b528..cf13f4c56517 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -112,6 +112,8 @@ static int __init __integrity_init_keyring(const unsigned int id, } else { if (id == INTEGRITY_KEYRING_PLATFORM) set_platform_trusted_keys(keyring[id]); + if (id == INTEGRITY_KEYRING_MOK && trust_moklist()) + set_mok_trusted_keys(keyring[id]); if (id == INTEGRITY_KEYRING_IMA) load_module_cert(keyring[id]); } -- 2.18.4