projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a8081e) | patch
MODSIGN: load blacklist from MOKx
authorBen Hutchings <benh@debian.org>
Sun, 15 Nov 2020 01:01:03 +0000 (01:01 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Fri, 19 Mar 2021 18:20:52 +0000 (18:20 +0000)
commitcc61fd6ecb2fd2c6152bba3ef20adc3efc14bd26
treec5e5ccddd57418adf11ef6003f011ff116ae1c8ftree | snapshot
parent2a8081ece6e1c4bdb556eda9e2b9a8233c87f6cbcommit | diff
MODSIGN: load blacklist from MOKx

Loosely based on a patch by "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
at <https://lore.kernel.org/patchwork/patch/933177/> which was later
rebased by Luca Boccassi.

This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.

Since MOK list loading became more complicated in 5.10 and was moved
to load_moklist_certs(), add parameters to that and call it once for
each of MokListRT and MokListXRT.

Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0002-MODSIGN-load-blacklist-from-MOKx.patch
security/integrity/platform_certs/load_uefi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.