linux-next/drivers/firmware/efi
Lenny Szubowicz 58c909022a efi: Support for MOK variable config table
Because of system-specific EFI firmware limitations, EFI volatile
variables may not be capable of holding the required contents of
the Machine Owner Key (MOK) certificate store when the certificate
list grows above some size. Therefore, an EFI boot loader may pass
the MOK certs via a EFI configuration table created specifically for
this purpose to avoid this firmware limitation.

An EFI configuration table is a much more primitive mechanism
compared to EFI variables and is well suited for one-way passage
of static information from a pre-OS environment to the kernel.

This patch adds initial kernel support to recognize, parse,
and validate the EFI MOK configuration table, where named
entries contain the same data that would otherwise be provided
in similarly named EFI variables.

Additionally, this patch creates a sysfs binary file for each
EFI MOK configuration table entry found. These files are read-only
to root and are provided for use by user space utilities such as
mokutil.

A subsequent patch will load MOK certs into the trusted platform
key ring using this infrastructure.

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Link: https://lore.kernel.org/r/20200905013107.10457-2-lszubowi@redhat.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2020-09-16 18:53:42 +03:00
..
libstub efi/libstub: arm32: Use low allocation for the uncompressed kernel 2020-09-16 18:55:02 +03:00
test efi_test: get rid of pointless access_ok() 2020-05-29 11:05:54 -04:00
apple-properties.c efi/dev-path-parser: Add struct definition for vendor type device path nodes 2020-02-23 21:59:42 +01:00
arm-runtime.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
capsule-loader.c efi/capsule-loader: Drop superfluous assignment 2020-02-23 21:58:31 +01:00
capsule.c efi: Replace GPL license boilerplate with SPDX headers 2019-02-04 08:27:25 +01:00
cper-arm.c efi: Replace GPL license boilerplate with SPDX headers 2019-02-04 08:27:25 +01:00
cper-x86.c efi: Decode IA32/X64 Context Info structure 2018-05-14 08:57:48 +02:00
cper.c efi: cper: Add support for printing Firmware Error Record Reference 2020-05-14 11:11:20 +02:00
dev-path-parser.c efi/dev-path-parser: Add struct definition for vendor type device path nodes 2020-02-23 21:59:42 +01:00
earlycon.c efi/earlycon: Fix early printk for wider fonts 2020-05-12 12:29:45 +02:00
efi-bgrt.c efi/bgrt: Accept BGRT tables with a version of 0 2020-02-22 23:37:37 +01:00
efi-init.c efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
efi-pstore.c efi/efivars: Expose RT service availability via efivars abstraction 2020-07-09 10:14:29 +03:00
efi.c efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
efibc.c efibc: Replace variable set function in notifier call 2019-06-22 10:24:57 +02:00
efivars.c efi/efivars: Expose RT service availability via efivars abstraction 2020-07-09 10:14:29 +03:00
embedded-firmware.c efi: use sha256() instead of open coding 2020-07-16 21:49:05 +10:00
esrt.c efi/esrt: Fix reference count leak in esre_create_sysfs_entry. 2020-06-15 14:38:56 +02:00
fake_mem.c efi: Fix handling of multiple efi_fake_mem= entries 2020-01-20 08:14:29 +01:00
fake_mem.h x86/efi: Add efi_fake_mem support for EFI_MEMORY_SP 2019-11-07 15:44:23 +01:00
fdtparams.c efi/arm: Rewrite FDT param discovery routines 2020-02-23 21:59:42 +01:00
Kconfig efi: Make it possible to disable efivar_ssdt entirely 2020-06-16 11:01:07 +02:00
Makefile efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
memattr.c efi: Move mem_attr_table out of struct efi 2020-02-23 21:59:42 +01:00
memmap.c efi: Fix handling of multiple efi_fake_mem= entries 2020-01-20 08:14:29 +01:00
mokvar-table.c efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
rci2-table.c efi: Don't attempt to map RCI2 config table if it doesn't exist 2019-12-10 12:13:02 +01:00
reboot.c efi: Use EFI ResetSystem only when available 2020-02-23 21:59:42 +01:00
runtime-map.c efi: Replace GPL license boilerplate with SPDX headers 2019-02-04 08:27:25 +01:00
runtime-wrappers.c efi: Add 'runtime' pointer to struct efi 2020-02-23 21:59:42 +01:00
tpm.c EFI fixes for v5.7-rc6: 2020-05-22 20:06:25 +02:00
vars.c efi/efivars: Expose RT service availability via efivars abstraction 2020-07-09 10:14:29 +03:00
x86_fake_mem.c x86/efi: Add efi_fake_mem support for EFI_MEMORY_SP 2019-11-07 15:44:23 +01:00