diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index a662024b4c70bc7d10d9b4c8130d822deecf092c..92dc64755e53374b7a32c3ec84116a4ffd19fa33 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -9,6 +9,7 @@
 #include <linux/err.h>
 #include <linux/ratelimit.h>
 #include <linux/key-type.h>
+#include <linux/verification.h>
 #include <crypto/public_key.h>
 #include <crypto/hash_info.h>
 #include <keys/asymmetric-type.h>
@@ -54,6 +55,15 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
 		key = request_key(&key_type_asymmetric, name, NULL);
 	}
 
+	if (IS_ERR(key)) {
+#ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
+		keyring = VERIFY_USE_SECONDARY_KEYRING;
+#else
+		keyring = NULL;
+#endif
+		key = search_trusted_key(keyring, &key_type_asymmetric, name);
+	}
+
 	if (IS_ERR(key)) {
 		if (keyring)
 			pr_err_ratelimited("Request for unknown key '%s' in '%s' keyring. err %ld\n",