Currently we fail the loading of modules that are signed with a public key that is not in the modsign keyring even if we are not in enforcing mode. This is somewhat at odds with the fact that we allow a completely unsigned module to load in such a case.
We should allow modules signed with an unknown key to load in cases where we are not enforcing and not in FIPS mode. Signed-off-by: Josh Boyer <[email protected]> Signed-off-by: David Howells <[email protected]> --- kernel/module-verify.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/module-verify.c b/kernel/module-verify.c index 070d730..c02d2e5 100644 --- a/kernel/module-verify.c +++ b/kernel/module-verify.c @@ -124,6 +124,13 @@ int module_verify(const void *data, size_t size, bool *_gpgsig_ok) break; case -ENOKEY: /* Signed, but we don't have the public key */ pr_err("Module signed with unknown public key\n"); + if (!modsign_signedonly) { + /* Allow a module to be signed with an unknown public + * key unless we're enforcing. + */ + pr_info("Allowing\n"); + ret = 0; + } break; default: /* Other error (probably ENOMEM) */ break; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
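Review bot: the commit message says unknown-key modules should load only when "not enforcing and not in FIPS mode", but the added block in the `-ENOKEY` case tests only `!modsign_signedonly`; there is no FIPS check in the hunk. Unless `modsign_signedonly` is guaranteed to be set whenever FIPS mode is on, please add the FIPS condition explicitly (e.g. `if (!modsign_signedonly && !fips_enabled) {`) or state in the commit message where that guarantee comes from. Two smaller points in the same hunk: the unconditional `pr_err("Module signed with unknown public key\n");` still fires at error level on the path that then succeeds, so consider demoting it to `pr_warn` when the module is allowed; and the bare `pr_info("Allowing\n");` gives no context in a log, so a single combined message (e.g. "Module signed with unknown public key; allowing since signatures are not being enforced") would be clearer. Please also confirm what `*_gpgsig_ok` reports to the caller on this newly-successful path, since the hunk sets `ret = 0` without touching it.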

