Sandeep Patil 4c2a8d2ef8 ANDROID: android-verity: Add API to verify signature with builtin keys. ... The builtin keyring was exported prior to this which allowed android-verity to simply lookup the key in the builtin keyring and verify the signature of the verity metadata. This is now broken as the kernel expects the signature to be in pkcs#7 format (same used for module signing). Obviously, this doesn't work with the verity metadata as we just append the raw signature in the metadata .. sigh. *This one time*, add an API to accept arbitrary signature and verify that with a key from system's trusted keyring. Bug: 72722987 Test: $ adb push verity_fs.img /data/local/tmp/ $ adb root && adb shell > cd /data/local/tmp > losetup /dev/block/loop0 verity_fs.img > dmctl create verity-fs android-verity 0 4200 Android:#7e4333f9bba00adfe0ede979e28ed1920492b40f 7:0 > mount -t ext4 /dev/block/dm-0 temp/ > cat temp/foo.txt temp/bar.txt Change-Id: I0c14f3cb2b587b73a4c75907367769688756213e Signed-off-by: Sandeep Patil <sspatil@google.com>		2018-08-28 17:10:42 +05:30
..
.gitignore	certs: add .gitignore to stop git nagging about x509_certificate_list	2015-10-21 15:18:35 +01:00
blacklist.c	scripts/spelling.txt: add "intialise(d)" pattern and fix typo instances	2017-05-08 17:15:13 -07:00
blacklist.h	certs/blacklist: fix const confusion	2018-06-26 09:43:03 -07:00
blacklist_hashes.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
blacklist_nohashes.c	certs/blacklist_nohashes.c: fix const confusion in certs blacklist	2018-02-21 15:35:43 -08:00
Kconfig	docs: Fix some broken references	2018-06-15 18:10:01 -03:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
system_certificates.S	export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()	2018-08-22 23:21:44 +09:00
system_keyring.c	ANDROID: android-verity: Add API to verify signature with builtin keys.	2018-08-28 17:10:42 +05:30