summaryrefslogtreecommitdiff
path: root/security/ipe/policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/ipe/policy.c')
-rw-r--r--security/ipe/policy.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/security/ipe/policy.c b/security/ipe/policy.c
index 4cea067adf6a..45f7d6a0ed23 100644
--- a/security/ipe/policy.c
+++ b/security/ipe/policy.c
@@ -169,9 +169,21 @@ struct ipe_policy *ipe_new_policy(const char *text, size_t textlen,
goto err;
}
- rc = verify_pkcs7_signature(NULL, 0, new->pkcs7, pkcs7len, NULL,
+ rc = verify_pkcs7_signature(NULL, 0, new->pkcs7, pkcs7len,
+#ifdef CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING
+ VERIFY_USE_SECONDARY_KEYRING,
+#else
+ NULL,
+#endif
VERIFYING_UNSPECIFIED_SIGNATURE,
set_pkcs7_data, new);
+#ifdef CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING
+ if (rc == -ENOKEY)
+ rc = verify_pkcs7_signature(NULL, 0, new->pkcs7, pkcs7len,
+ VERIFY_USE_PLATFORM_KEYRING,
+ VERIFYING_UNSPECIFIED_SIGNATURE,
+ set_pkcs7_data, new);
+#endif
if (rc)
goto err;
} else {
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-07 00:28:58 +0000