certs: Add a secondary system keyring that can be added to dynamically
author David Howells <dhowells@redhat.com>
Wed, 6 Apr 2016 15:14:27 +0000 (16:14 +0100)
committer David Howells <dhowells@redhat.com>
Mon, 11 Apr 2016 21:48:09 +0000 (22:48 +0100)
commit d3bfe84129f65e0af2450743ebdab33d161d01c9
tree 37d567ed647f869e6a01cddcb40ec67b716204e0
parent 77f68bac9481ad440f4f34dda3d28c2dce6eb87b
certs: Add a secondary system keyring that can be added to dynamically

Add a secondary system keyring that can be added to by root whilst the
system is running - provided the key being added is vouched for by a key
built into the kernel or already added to the secondary keyring.

Rename .system_keyring to .builtin_trusted_keys to distinguish it more
obviously from the new keyring (called .secondary_trusted_keys).

The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.

If the secondary keyring is enabled, a link is created from that to
.builtin_trusted_keys so that the latter will automatically be searched
too if the secondary keyring is searched.

Signed-off-by: David Howells <dhowells@redhat.com>
certs/Kconfig
certs/system_keyring.c
include/keys/system_keyring.h
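
The admission rule and the keyring link described in the commit message, as a small user-space model. This is an added example, not code from this commit or from the kernel: the struct layout, function names, key ids and errno choices are all assumptions, and signature verification is not modelled (only signer ids are matched).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Toy key: "signer" is the id of the key vouching for it (NULL if none). */
struct key { const char *id, *signer; };

struct keyring {
    const struct key *keys[8];
    size_t n;
    const struct keyring *link; /* secondary links to builtin */
};

/* Search a keyring, then follow its link, so builtin keys are found too. */
static const struct key *keyring_find(const struct keyring *kr, const char *id)
{
    for (; kr; kr = kr->link)
        for (size_t i = 0; i < kr->n; i++)
            if (strcmp(kr->keys[i]->id, id) == 0)
                return kr->keys[i];
    return NULL;
}

/* Runtime add: accept only if the signer is already builtin or secondary. */
static int secondary_add(struct keyring *sec, const struct key *k)
{
    if (!k->signer || !keyring_find(sec, k->signer))
        return -ENOKEY;          /* nobody trusted vouches for this key */
    if (sec->n == sizeof(sec->keys) / sizeof(sec->keys[0]))
        return -ENOSPC;          /* model-only capacity limit */
    sec->keys[sec->n++] = k;
    return 0;
}

int main(void)
{
    /* Constructed sample keys. */
    static const struct key ca = { "builtin-ca", NULL };
    static const struct key mid = { "vendor-mid", "builtin-ca" };
    static const struct key leaf = { "module-signer", "vendor-mid" };
    static const struct key rogue = { "rogue", "rogue" }; /* self-signed */
    struct keyring builtin = { { &ca }, 1, NULL };
    struct keyring secondary = { { NULL }, 0, &builtin };
    printf("leaf before mid: %d\n", secondary_add(&secondary, &leaf));
    printf("mid:             %d\n", secondary_add(&secondary, &mid));
    printf("leaf after mid:  %d\n", secondary_add(&secondary, &leaf));
    printf("rogue:           %d\n", secondary_add(&secondary, &rogue));
}
```

The model shows that the order of additions matters: a key chained through an intermediate is refused until that intermediate is itself in the secondary keyring, and a self-signed key is never admitted.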