projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 74f5e30) | patch
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
authorEric Snowberg <eric.snowberg@oracle.com>
Wed, 26 Jan 2022 02:58:34 +0000 (21:58 -0500)
committerJarkko Sakkinen <jarkko@kernel.org>
Tue, 8 Mar 2022 11:55:52 +0000 (13:55 +0200)
commit3d6ae1a5d0c2019d274284859f556dcb64aa98a7
treeadba80c2bffd87b1e986a0d0ecb93ba18407d3batree | snapshot
parent74f5e30051399d60dbce4296dbfd833212df13f1commit | diff
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true

With the introduction of uefi_check_trust_mok_keys, it signifies the end-
user wants to trust the machine keyring as trusted keys.  If they have
chosen to trust the machine keyring, load the qualifying keys into it
during boot, then link it to the secondary keyring .  If the user has not
chosen to trust the machine keyring, it will be empty and not linked to
the secondary keyring.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/digsig.c diff | blob | blame | history
security/integrity/integrity.h diff | blob | blame | history
security/integrity/platform_certs/keyring_handler.c diff | blob | blame | history
security/integrity/platform_certs/machine_keyring.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)