linux-stable/certs
Thomas Weißschuh c95e8f6fd1 certs: don't try to update blacklist keys
When the same key is blacklisted repeatedly logging at pr_err() level is
excessive as no functionality is impaired.
When these duplicates are provided by buggy firmware there is nothing
the user can do to fix the situation.
Instead of spamming the bootlog with errors we use a warning that can
still be seen by OEMs when testing their firmware.

Link: https://lore.kernel.org/all/c8c65713-5cda-43ad-8018-20f2e32e4432@t-8ch.de/
Link: https://lore.kernel.org/all/20221104014704.3469-1-linux@weissschuh.net/
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-02-13 10:11:20 +02:00
..
.gitignore certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build 2022-06-15 21:52:32 +03:00
blacklist_hashes.c certs: unify blacklist_hashes.c and blacklist_nohashes.c 2022-07-27 21:17:59 +09:00
blacklist.c certs: don't try to update blacklist keys 2023-02-13 10:11:20 +02:00
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
check-blacklist-hashes.awk certs: move scripts/check-blacklist-hashes.awk to certs/ 2022-07-27 21:17:59 +09:00
default_x509.genkey certs: check-in the default x509 config file 2021-12-11 22:09:14 +09:00
extract-cert.c cert host tools: Stop complaining about deprecated OpenSSL functions 2022-06-08 13:18:39 -07:00
Kconfig certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
Makefile certs: Fix build error when PKCS#11 URI contains semicolon 2023-01-31 17:53:01 +09:00
revocation_certificates.S certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
system_certificates.S certs: include certs/signing_key.x509 unconditionally 2022-03-03 08:16:19 +09:00
system_keyring.c certs: Move load_certificate_list() to be with the asymmetric keys code 2022-06-21 16:05:06 +01:00