[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 6 Jul 2021 22:44:03 -0400
From: Eric Snowberg <eric.snowberg@...cle.com>
To: keyrings@...r.kernel.org, linux-integrity@...r.kernel.org,
zohar@...ux.ibm.com, dhowells@...hat.com, dwmw2@...radead.org,
herbert@...dor.apana.org.au, davem@...emloft.net,
jarkko@...nel.org, jmorris@...ei.org, serge@...lyn.com
Cc: eric.snowberg@...cle.com, keescook@...omium.org,
gregkh@...uxfoundation.org, torvalds@...ux-foundation.org,
scott.branden@...adcom.com, weiyongjun1@...wei.com,
nayna@...ux.ibm.com, ebiggers@...gle.com, ardb@...nel.org,
nramas@...ux.microsoft.com, lszubowi@...hat.com,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
James.Bottomley@...senPartnership.com, pjones@...hat.com,
glin@...e.com, konrad.wilk@...cle.com
Subject: [PATCH RFC 12/12] integrity: Suppress error message for keys added to the mok keyring
Suppress the error message for keys added to the mok keyring. If an
error occurs, the key will be added to the platform keyring instead.
Signed-off-by: Eric Snowberg <eric.snowberg@...cle.com>
---
security/integrity/digsig.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index e301cee037bf..50bdf839fa44 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -173,7 +173,8 @@ static int __init integrity_add_key(const unsigned int id, const void *data,
KEY_ALLOC_NOT_IN_QUOTA);
if (IS_ERR(key)) {
rc = PTR_ERR(key);
- pr_err("Problem loading X.509 certificate %d\n", rc);
+ if (id != INTEGRITY_KEYRING_MOK)
+ pr_err("Problem loading X.509 certificate %d\n", rc);
} else {
if (id == INTEGRITY_KEYRING_MOK)
rc = move_to_trusted_secondary_keyring(key_ref_to_ptr(key),
--
2.18.4
Powered by blists - more mailing lists