Merge tag 'keys-next-20160505' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowe...

[deliverable/linux.git] / arch / x86 / kernel / kexec-bzimage64.c

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 0f8a6bbaaa443c9cc1b936755373e2b28c59ab4d..f2356bda2b0546c245f9274f22cd2e429c29b52b 100644 (file)
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -19,8 +19,7 @@
 #include <linux/kernel.h>
 #include <linux/mm.h>
 #include <linux/efi.h>
-#include <linux/verify_pefile.h>
-#include <keys/system_keyring.h>
+#include <linux/verification.h>
 
 #include <asm/bootparam.h>
 #include <asm/setup.h>
@@ -271,7 +270,7 @@ static int bzImage64_probe(const char *buf, unsigned long len)
        int ret = -ENOEXEC;
        struct setup_header *header;
 
-       /* kernel should be atleast two sectors long */
+       /* kernel should be at least two sectors long */
        if (len < 2 * 512) {
                pr_err("File is too short to be a bzImage\n");
                return ret;
@@ -529,18 +528,9 @@ static int bzImage64_cleanup(void *loader_data)
 #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
 static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
 {
-       bool trusted;
-       int ret;
-
-       ret = verify_pefile_signature(kernel, kernel_len,
-                                     system_trusted_keyring,
-                                     VERIFYING_KEXEC_PE_SIGNATURE,
-                                     &trusted);
-       if (ret < 0)
-               return ret;
-       if (!trusted)
-               return -EKEYREJECTED;
-       return 0;
+       return verify_pefile_signature(kernel, kernel_len,
+                                      NULL,
+                                      VERIFYING_KEXEC_PE_SIGNATURE);
 }
 #endif