git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Snowberg <eric.snowberg@oracle.com>
	Fri, 22 Jan 2021 18:10:54 +0000 (13:10 -0500)
committer	David Howells <dhowells@redhat.com>
	Thu, 11 Mar 2021 16:34:48 +0000 (16:34 +0000)
commit	5fa4b34a4d1a261e57038cff8cf69efb522395f3
tree	252555f34d05a05b0a19484b1b6c33982440f5e9	tree \| snapshot
parent	6c164090a69a237c70f4dfbba7ad93286a06171e	commit \| diff

integrity: Load mokx variables into the blacklist keyring

During boot the Secure Boot Forbidden Signature Database, dbx,
is loaded into the blacklist keyring. Systems booted with shim
have an equivalent Forbidden Signature Database called mokx.
Currently mokx is only used by shim and grub, the contents are
ignored by the kernel.

Add the ability to load mokx into the blacklist keyring during boot.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Suggested-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
cc: keyrings@vger.kernel.org
Link: https://lore.kernel.org/r/c33c8e3839a41e9654f41cc92c7231104931b1d7.camel@HansenPartnership.com/
Link: https://lore.kernel.org/r/20210122181054.32635-5-eric.snowberg@oracle.com/
Link: https://lore.kernel.org/r/161428674320.677100.12637282414018170743.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/161433313205.902181.2502803393898221637.stgit@warthog.procyon.org.uk/
Link: https://lore.kernel.org/r/161529607422.163428.13530426573612578854.stgit@warthog.procyon.org.uk/