projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fc423ce) | patch
MODSIGN: load blacklist from MOKx
authorBen Hutchings <benh@debian.org>
Sun, 15 Nov 2020 01:01:03 +0000 (01:01 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Fri, 9 Apr 2021 18:17:58 +0000 (19:17 +0100)
commit2259d0e0aca0860037c3df12af8853783b305d49
treead4ae1328cdb2d22527d7966c738d000747389e4tree | snapshot
parentfc423ce4e4a9afb4811c63095b286b0679a121e1commit | diff
MODSIGN: load blacklist from MOKx

Loosely based on a patch by "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
at <https://lore.kernel.org/patchwork/patch/933177/> which was later
rebased by Luca Boccassi.

This patch adds the logic to load the blacklisted hash and
certificates from MOKx which is maintained by shim bootloader.

Since MOK list loading became more complicated in 5.10 and was moved
to load_moklist_certs(), add parameters to that and call it once for
each of MokListRT and MokListXRT.

Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0002-MODSIGN-load-blacklist-from-MOKx.patch
security/integrity/platform_certs/load_uefi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.