]> www.infradead.org Git - users/jedix/linux-maple.git/commit
integrity: Load mokx variables into the blacklist keyring
authorEric Snowberg <eric.snowberg@oracle.com>
Fri, 22 Jan 2021 18:10:54 +0000 (13:10 -0500)
committerDavid Howells <dhowells@redhat.com>
Fri, 5 Mar 2021 22:29:00 +0000 (22:29 +0000)
commite377c31f788fc98815e1ab90b5a35704ce35843a
tree252555f34d05a05b0a19484b1b6c33982440f5e9
parentad33a49b42c5b5dc37b5dd0ba6159fb01cf10761
integrity: Load mokx variables into the blacklist keyring

During boot the Secure Boot Forbidden Signature Database, dbx,
is loaded into the blacklist keyring.  Systems booted with shim
have an equivalent Forbidden Signature Database called mokx.
Currently mokx is only used by shim and grub, the contents are
ignored by the kernel.

Add the ability to load mokx into the blacklist keyring during boot.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Suggested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
cc: keyrings@vger.kernel.org
Link: https://lore.kernel.org/r/20210122181054.32635-5-eric.snowberg@oracle.com/
Link: https://lore.kernel.org/r/c33c8e3839a41e9654f41cc92c7231104931b1d7.camel@HansenPartnership.com/
Link: https://lore.kernel.org/r/161428674320.677100.12637282414018170743.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/161433313205.902181.2502803393898221637.stgit@warthog.procyon.org.uk/
security/integrity/platform_certs/load_uefi.c