integrity: Trust MOK keys if MokListTrustedRT found
author Eric Snowberg <eric.snowberg@oracle.com>
Wed, 26 Jan 2022 02:58:33 +0000 (21:58 -0500)
committer Jarkko Sakkinen <jarkko@kernel.org>
Wed, 23 Feb 2022 15:49:08 +0000 (16:49 +0100)
commit 4d83e5144e224b90f6589d11b5fecde33c0dd211
tree cf7ad63ccc66765c9a0051bcf062af63c9551547
parent e147099c54c1c6d4999a0a7a494a07557c631f44
integrity: Trust MOK keys if MokListTrustedRT found

A new Machine Owner Key (MOK) variable called MokListTrustedRT has been
introduced in shim. When this UEFI variable is set, it indicates the
end-user has made the decision themselves that they wish to trust MOK keys
within the Linux trust boundary.  It is not an error if this variable
does not exist. If it does not exist, the MOK keys should not be trusted
within the kernel.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/platform_certs/machine_keyring.c