Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-09 15:29:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/security/integrity
History
Josh Boyer 15ea0e1e3e efi: Import certificates from UEFI Secure Boot 
Secure Boot stores a list of allowed certificates in the 'db' variable.
This patch imports those certificates into the platform keyring. The shim
UEFI bootloader has a similar certificate list stored in the 'MokListRT'
variable. We import those as well.

Secure Boot also maintains a list of disallowed certificates in the 'dbx'
variable. We load those certificates into the system blacklist keyring
and forbid any kernel signed with those from loading.

[zohar@linux.ibm.com: dropped Josh's original patch description]
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-12 22:04:33 -05:00
..
evm
security/integrity: constify some read-only data
2018-10-10 12:56:15 -04:00
ima
ima: don't measure/appraise files on efivarfs
2018-12-11 07:19:46 -05:00
platform_certs
efi: Import certificates from UEFI Secure Boot
2018-12-12 22:04:33 -05:00
digsig_asymmetric.c
integrity: support new struct public_key_signature encoding field
2018-11-13 07:37:42 -05:00
digsig.c
integrity: Load certs to the platform keyring
2018-12-12 22:02:54 -05:00
iint.c
LSM: Record LSM name in struct lsm_info
2018-10-10 20:40:22 -07:00
integrity_audit.c
ima: Use audit_log_format() rather than audit_log_string()
2018-07-18 07:27:22 -04:00
integrity.h
integrity: Load certs to the platform keyring
2018-12-12 22:02:54 -05:00
Kconfig
integrity: Define a trusted platform keyring
2018-12-12 22:02:28 -05:00
Makefile
efi: Import certificates from UEFI Secure Boot
2018-12-12 22:04:33 -05:00