projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c2f3ea6) | patch
MODSIGN: load blacklist from MOKx
authorBen Hutchings <benh@debian.org>
Sun, 15 Nov 2020 01:01:03 +0000 (01:01 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Tue, 3 Aug 2021 05:50:50 +0000 (06:50 +0100)
commit15ce2682c2977cfe125510f7763e57a14e55ccc9
tree89941ab69058de37a692493da6ccf8ea101d24a9tree | snapshot
parentc2f3ea6f1bf28ee3cd7ed00b806dbed1e45cd9c4commit | diff
MODSIGN: load blacklist from MOKx

Loosely based on a patch by "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
at <https://lore.kernel.org/patchwork/patch/933177/> which was later
rebased by Luca Boccassi.

This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.

Since MOK list loading became more complicated in 5.10 and was moved
to load_moklist_certs(), add parameters to that and call it once for
each of MokListRT and MokListXRT.

Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0002-MODSIGN-load-blacklist-from-MOKx.patch
security/integrity/platform_certs/load_uefi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.