projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4d83e51) | patch
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
authorEric Snowberg <eric.snowberg@oracle.com>
Wed, 26 Jan 2022 02:58:34 +0000 (21:58 -0500)
committerJarkko Sakkinen <jarkko@kernel.org>
Wed, 23 Feb 2022 15:49:08 +0000 (16:49 +0100)
commitc9e54f38976a1c0ec69c0a6208b3fd55fceb01d1
tree5994ef2ddc6d541cfa0ae25863a437e2485e94d5tree
parent4d83e5144e224b90f6589d11b5fecde33c0dd211commit | diff
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true

With the introduction of uefi_check_trust_mok_keys, it signifies the end-
user wants to trust the machine keyring as trusted keys.  If they have
chosen to trust the machine keyring, load the qualifying keys into it
during boot, then link it to the secondary keyring .  If the user has not
chosen to trust the machine keyring, it will be empty and not linked to
the secondary keyring.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/digsig.c diff | blob | blame | history
security/integrity/integrity.h diff | blob | blame | history
security/integrity/platform_certs/keyring_handler.c diff | blob | blame | history
security/integrity/platform_certs/machine_keyring.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)