MODSIGN: Add FIPS policy
authorDavid Howells <dhowells@redhat.com>
Wed, 26 Sep 2012 09:09:50 +0000 (10:09 +0100)
committerRusty Russell <rusty@rustcorp.com.au>
Wed, 10 Oct 2012 09:31:19 +0000 (19:31 +1030)
commit1d0059f3a468825b5fc5405c636a2f6e02707ffa
tree0eef1243a093410f39564051d8904c8041e1e717
parent106a4ee258d14818467829bf0e12aeae14c16cd7
MODSIGN: Add FIPS policy

If we're in FIPS mode, we should panic if we fail to verify the signature on a
module or we're asked to load an unsigned module in signature enforcing mode.
Possibly FIPS mode should automatically enable enforcing mode.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
kernel/module.c