Skip to content
  • David Howells's avatar
    certs: Add a secondary system keyring that can be added to dynamically · d3bfe841
    David Howells authored
    
    
    Add a secondary system keyring that can be added to by root whilst the
    system is running - provided the key being added is vouched for by a key
    built into the kernel or already added to the secondary keyring.
    
    Rename .system_keyring to .builtin_trusted_keys to distinguish it more
    obviously from the new keyring (called .secondary_trusted_keys).
    
    The new keyring needs to be enabled with CONFIG_SECONDARY_TRUSTED_KEYRING.
    
    If the secondary keyring is enabled, a link is created from that to
    .builtin_trusted_keys so that the the latter will automatically be searched
    too if the secondary keyring is searched.
    
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    d3bfe841