|
@@ -58,6 +58,7 @@
|
|
|
#include <linux/jump_label.h>
|
|
#include <linux/jump_label.h>
|
|
|
#include <linux/pfn.h>
|
|
#include <linux/pfn.h>
|
|
|
#include <linux/bsearch.h>
|
|
#include <linux/bsearch.h>
|
|
|
|
|
+#include <linux/fips.h>
|
|
|
#include "module-internal.h"
|
|
#include "module-internal.h"
|
|
|
|
|
|
|
|
#define CREATE_TRACE_POINTS
|
|
#define CREATE_TRACE_POINTS
|
|
@@ -2447,6 +2448,9 @@ static int module_sig_check(struct load_info *info,
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* Not having a signature is only an error if we're strict. */
|
|
/* Not having a signature is only an error if we're strict. */
|
|
|
|
|
+ if (err < 0 && fips_enabled)
|
|
|
|
|
+ panic("Module verification failed with error %d in FIPS mode\n",
|
|
|
|
|
+ err);
|
|
|
if (err == -ENOKEY && !sig_enforce)
|
|
if (err == -ENOKEY && !sig_enforce)
|
|
|
err = 0;
|
|
err = 0;
|
|
|
|
|
|
David Howells