diff options
| author | Josh Boyer <jwboyer@fedoraproject.org> | 2018-12-12 21:07:56 +0100 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2018-12-13 04:04:33 +0100 |
| commit | 15ea0e1e3e185040bed6119f815096f2e4326242 (patch) | |
| tree | cc0ecb830489dc77ffcec87b2500ac9aa540b31f /fs/btrfs/acl.c | |
| parent | efi: Add an EFI signature blob parser (diff) | |
| download | linux-15ea0e1e3e185040bed6119f815096f2e4326242.tar.xz linux-15ea0e1e3e185040bed6119f815096f2e4326242.zip | |
efi: Import certificates from UEFI Secure Boot
Secure Boot stores a list of allowed certificates in the 'db' variable.
This patch imports those certificates into the platform keyring. The shim
UEFI bootloader has a similar certificate list stored in the 'MokListRT'
variable. We import those as well.
Secure Boot also maintains a list of disallowed certificates in the 'dbx'
variable. We load those certificates into the system blacklist keyring
and forbid any kernel signed with those from loading.
[zohar@linux.ibm.com: dropped Josh's original patch description]
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'fs/btrfs/acl.c')
0 files changed, 0 insertions, 0 deletions