linux-stable/certs
Nayna Jain 44e69ea538 integrity: PowerVM support for loading third party code signing keys
On secure boot enabled PowerVM LPAR, third party code signing keys are
needed during early boot to verify signed third party modules. These
third party keys are stored in moduledb object in the Platform
KeyStore (PKS).

Load third party code signing keys onto .secondary_trusted_keys keyring.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-08-17 20:12:35 +00:00
..
.gitignore certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build 2022-06-15 21:52:32 +03:00
blacklist_hashes.c certs: unify blacklist_hashes.c and blacklist_nohashes.c 2022-07-27 21:17:59 +09:00
blacklist.c certs: don't try to update blacklist keys 2023-02-13 10:11:20 +02:00
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
check-blacklist-hashes.awk certs: move scripts/check-blacklist-hashes.awk to certs/ 2022-07-27 21:17:59 +09:00
default_x509.genkey certs: check-in the default x509 config file 2021-12-11 22:09:14 +09:00
extract-cert.c kbuild: do not print extra logs for V=2 2023-01-22 23:43:32 +09:00
Kconfig certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
Makefile certs: Fix build error when PKCS#11 URI contains semicolon 2023-01-31 17:53:01 +09:00
revocation_certificates.S certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
system_certificates.S certs: include certs/signing_key.x509 unconditionally 2022-03-03 08:16:19 +09:00
system_keyring.c integrity: PowerVM support for loading third party code signing keys 2023-08-17 20:12:35 +00:00