MODSIGN: Add FIPS policy (1d0059f3) · Commits · e / devices / android_kernel_xiaomi_markw

kernel/module.c

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -58,6 +58,7 @@
	#include <linux/jump_label.h>		#include <linux/jump_label.h>
	#include <linux/pfn.h>		#include <linux/pfn.h>
	#include <linux/bsearch.h>		#include <linux/bsearch.h>
			#include <linux/fips.h>
	#include "module-internal.h"		#include "module-internal.h"

	#define CREATE_TRACE_POINTS		#define CREATE_TRACE_POINTS
	@@ -2447,6 +2448,9 @@ static int module_sig_check(struct load_info *info,
	}		}

	/* Not having a signature is only an error if we're strict. */		/* Not having a signature is only an error if we're strict. */
			if (err < 0 && fips_enabled)
			panic("Module verification failed with error %d in FIPS mode\n",
			err);
	if (err == -ENOKEY && !sig_enforce)		if (err == -ENOKEY && !sig_enforce)
	err = 0;		err = 0;