OSDN Git Service

integrity: Trust MOK keys if MokListTrustedRT found
author Eric Snowberg <eric.snowberg@oracle.com>
Wed, 26 Jan 2022 02:58:33 +0000 (21:58 -0500)
committer Jarkko Sakkinen <jarkko@kernel.org>
Tue, 8 Mar 2022 11:55:52 +0000 (13:55 +0200)
commit 74f5e30051399d60dbce4296dbfd833212df13f1
tree 76231062b60ea35b4b2cbe6cb5890b844ad54681
parent 847c5336d8439a3b8245b31fa127cf98a26afae8
integrity: Trust MOK keys if MokListTrustedRT found

A new Machine Owner Key (MOK) variable called MokListTrustedRT has been
introduced in shim. When this UEFI variable is set, it indicates the
end-user has made the decision themselves that they wish to trust MOK keys
within the Linux trust boundary.  It is not an error if this variable
does not exist. If it does not exist, the MOK keys should not be trusted
within the kernel.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/integrity/platform_certs/machine_keyring.c