integrity: add new keyring handler for mok keys
author Eric Snowberg <eric.snowberg@oracle.com>
Wed, 26 Jan 2022 02:58:29 +0000 (21:58 -0500)
committer Jarkko Sakkinen <jarkko@kernel.org>
Wed, 23 Feb 2022 15:49:07 +0000 (16:49 +0100)
commit f6233ee4ec672bb016756c74d7b4a4f0da70f9c9
tree a4956b0386b8808d661f34cb20cd686374061ca1
parent 9dacff8888465c651d7b093cae6c7e35edbec364
integrity: add new keyring handler for mok keys

Currently both Secure Boot DB and Machine Owner Keys (MOK) go through
the same keyring handler (get_handler_for_db). With the addition of the
new machine keyring, the end-user may choose to trust MOK keys.

Introduce a new keyring handler specific for MOK keys.  If MOK keys are
trusted by the end-user, use the new keyring handler instead.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/platform_certs/keyring_handler.c
security/integrity/platform_certs/keyring_handler.h
security/integrity/platform_certs/load_uefi.c