KEYS: Separate the kernel signature checking keyring from module signing
Separate the kernel signature checking keyring from module signing so that it
can be used by code other than the module-signing code.
Signed-off-by: David Howells <dhowells@redhat.com>
diff --git a/kernel/system_certificates.S b/kernel/system_certificates.S
new file mode 100644
index 0000000..552d47b
--- /dev/null
+++ b/kernel/system_certificates.S
@@ -0,0 +1,12 @@
+#include <linux/export.h>
+#include <linux/init.h>
+
+#define GLOBAL(name) \
+ .globl VMLINUX_SYMBOL(name); \
+ VMLINUX_SYMBOL(name):
+
+ __INITRODATA
+
+GLOBAL(system_certificate_list)
+ .incbin "kernel/x509_certificate_list"
+GLOBAL(system_certificate_list_end)