MODSIGN: load blacklist from MOKx
author Ben Hutchings <benh@debian.org>
Sun, 15 Nov 2020 01:01:03 +0000 (01:01 +0000)
committer Salvatore Bonaccorso <carnil@debian.org>
Tue, 28 Sep 2021 04:29:40 +0000 (05:29 +0100)
commit 1d50ccd17f5151cd0da5f0fb5238b6189222b719
tree 84fc64c3b6f3f294c5a337f0e7ab453315d068e5
parent f2b54a7f2c9eec8499c755c13a274cbd7ee6df96
MODSIGN: load blacklist from MOKx

Loosely based on a patch by "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
at <https://lore.kernel.org/patchwork/patch/933177/> which was later
rebased by Luca Boccassi.

This patch adds the logic to load the blacklisted hash and
certificates from MOKx, which is maintained by the shim bootloader.

Since MOK list loading became more complicated in 5.10 and was moved
to load_moklist_certs(), add parameters to that and call it once for
each of MokListRT and MokListXRT.

Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0002-MODSIGN-load-blacklist-from-MOKx.patch
security/integrity/platform_certs/load_uefi.c
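
The commit message above says the blacklist loaded from MOKx contains both hashes and certificates. As an added userspace illustration (not code from this patch or from the kernel), the following sketch walks a buffer of EFI signature lists, the format UEFI uses for such key and hash databases, and counts X.509 and SHA-256 entries with bounds checks. The names `summarize_siglists`, `mokx_summary` and `build_sample` are hypothetical, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Signature type GUIDs from the UEFI specification, in on-disk byte order. */
static const uint8_t GUID_X509[16] = { 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a,
                                       0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 };
static const uint8_t GUID_SHA256[16] = { 0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, 0x92, 0x40,
                                         0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 };

struct mokx_summary { unsigned certs, sha256, other; }; /* hypothetical name */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk concatenated EFI_SIGNATURE_LISTs; return 0 on success, -1 if malformed. */
int summarize_siglists(const uint8_t *buf, size_t len, struct mokx_summary *out)
{
    memset(out, 0, sizeof(*out));
    while (len > 0) {
        if (len < 28) return -1;               /* 16-byte type GUID + 3 x u32 */
        uint32_t lsize = le32(buf + 16), hsize = le32(buf + 20), ssize = le32(buf + 24);
        /* Every entry starts with a 16-byte owner GUID, so ssize >= 16. */
        if (lsize < 28 || lsize > len || hsize > lsize - 28 || ssize < 16) return -1;
        if ((lsize - 28 - hsize) % ssize) return -1;
        unsigned n = (lsize - 28 - hsize) / ssize;
        if (!memcmp(buf, GUID_X509, 16)) out->certs += n;
        else if (!memcmp(buf, GUID_SHA256, 16)) {
            if (ssize != 16 + 32) return -1;   /* owner GUID + SHA-256 digest */
            out->sha256 += n;
        } else out->other += n;                /* types this sketch does not decode */
        buf += lsize; len -= lsize;
    }
    return 0;
}

/* Constructed sample: one SHA-256 list holding two zero-filled hash entries. */
size_t build_sample(uint8_t *buf)
{
    const uint32_t lsize = 28 + 2 * 48;        /* 124, fits in the low byte */
    memset(buf, 0, lsize);
    memcpy(buf, GUID_SHA256, 16);
    buf[16] = (uint8_t)lsize;                  /* SignatureListSize, little-endian */
    buf[24] = 48;                              /* SignatureSize */
    return lsize;
}

int main(void)
{
    uint8_t b[128]; struct mokx_summary s;
    int rc = summarize_siglists(b, build_sample(b), &s);
    printf("rc=%d certs=%u sha256=%u other=%u\n", rc, s.certs, s.sha256, s.other);
    return rc ? 1 : 0;
}
```

When feeding this a variable read through efivarfs, skip the 4-byte attribute prefix that efivarfs places before the variable data.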