]> www.infradead.org Git - users/willy/linux.git/commit
projects / users / willy / linux.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: ed6633b) | patch
efi: Allow the "db" UEFI variable to be suppressed
authorJosh Boyer <jwboyer@fedoraproject.org>
Sat, 8 Dec 2018 20:27:04 +0000 (01:57 +0530)
committerMimi Zohar <zohar@linux.ibm.com>
Sun, 9 Dec 2018 18:17:16 +0000 (13:17 -0500)
commitf677fb08ea95ceecc1fbf68b3feeff4163cbba1f
tree1a5b7d16ad42bf3664121bc0732a4d008b3eeeectree
parented6633bd9826a83876d986a9efd6ebcc988770d5commit | diff
efi: Allow the "db" UEFI variable to be suppressed

If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called
MokIgnoreDB. Have the uefi import code look for this and ignore the db
variable if it is found.

[zohar@linux.ibm.com: removed reference to "secondary" keyring comment]
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/platform_certs/load_uefi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.