@@ -356,7 +356,7 @@ static int __init blacklist_init(void)
/*
* Must be initialised before we try and load the keys into the keyring.
*/
-device_initcall(blacklist_init);
+fs_initcall(blacklist_init);
#ifdef CONFIG_SYSTEM_REVOCATION_LIST
/*
@@ -260,7 +260,7 @@ static __init int system_trusted_keyring_init(void)
/*
* Must be initialised before we try and load the keys into the keyring.
*/
-device_initcall(system_trusted_keyring_init);
+subsys_initcall(system_trusted_keyring_init);
__init int load_module_cert(struct key *keyring)
{
@@ -293,7 +293,7 @@ static __init int load_system_certificate_list(void)
return x509_load_certificate_list(p, size, builtin_trusted_keys);
}
-late_initcall(load_system_certificate_list);
+fs_initcall_sync(load_system_certificate_list);
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
@@ -681,5 +681,5 @@ static void __exit asymmetric_key_cleanup(void)
unregister_key_type(&key_type_asymmetric);
}
-module_init(asymmetric_key_init);
+subsys_initcall(asymmetric_key_init);
module_exit(asymmetric_key_cleanup);
@@ -246,7 +246,7 @@ static void __exit x509_key_exit(void)
unregister_asymmetric_key_parser(&x509_key_parser);
}
-module_init(x509_key_init);
+fs_initcall(x509_key_init);
module_exit(x509_key_exit);
MODULE_DESCRIPTION("X.509 certificate parser");
This exists at the moment to assure that the module signature checking logic can be utilized before the initramfs is mounted. Assuming we want to use the built in keys as well as MOK's to validate an init image, is just moving this stuff earlier in the boot process the right choice? Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- certs/blacklist.c | 2 +- certs/system_keyring.c | 4 ++-- crypto/asymmetric_keys/asymmetric_type.c | 2 +- crypto/asymmetric_keys/x509_public_key.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-)