efi: Import certificates from UEFI Secure Boot

Secure Boot stores a list of allowed certificates in the 'db' variable.
This patch imports those certificates into the platform keyring. The shim
UEFI bootloader has a similar certificate list stored in the 'MokListRT'
variable. We import those as well.

Secure Boot also maintains a list of disallowed certificates in the 'dbx'
variable. We load those certificates into the system blacklist keyring
and forbid any kernel signed with those from loading.

[[email protected]: dropped Josh's original patch description]

Signed-off-by: Josh Boyer <[email protected]>
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Nayna Jain <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
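
The 'db', 'dbx' and 'MokListRT' variables named in the commit message hold concatenated EFI_SIGNATURE_LIST structures as defined by the UEFI specification. The following is an added example, not code from this patch or from the kernel: a bounds-checked walker that counts the entries in such a blob by type. The names `esl_count`, `esl_counts`, `put_list` and `esl_sample` are hypothetical, and the sample blob is constructed.

```c
#include <stdint.h>
#include <string.h>

/* EFI_CERT_X509_GUID / EFI_CERT_SHA256_GUID in their on-disk byte order */
static const uint8_t GUID_X509[16] = {0xa1,0x59,0xc0,0xa5,0xe4,0x94,0xa7,0x4a,
                                      0x87,0xb5,0xab,0x15,0x5c,0x2b,0xf0,0x72};
static const uint8_t GUID_SHA256[16] = {0x26,0x16,0xc4,0xc1,0x4c,0x50,0x92,0x40,
                                        0xac,0xa9,0x41,0xf9,0x36,0x93,0x43,0x28};

struct esl_counts { unsigned x509, sha256, other; };

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Walk concatenated EFI_SIGNATURE_LISTs; 0 on success, -1 if malformed. */
int esl_count(const uint8_t *buf, size_t len, struct esl_counts *out)
{
    memset(out, 0, sizeof(*out));
    while (len > 0) {
        if (len < 28) return -1;            /* fixed header: type GUID + 3 x u32 */
        /* SignatureListSize, SignatureHeaderSize, SignatureSize (per entry) */
        uint32_t lsize = le32(buf + 16), hsize = le32(buf + 20), esize = le32(buf + 24);
        if (lsize < 28 || lsize > len || hsize > lsize - 28) return -1;
        uint32_t body = lsize - 28 - hsize;
        /* every entry is a 16-byte owner GUID followed by at least one data byte */
        if (esize <= 16 || body % esize != 0) return -1;
        unsigned n = body / esize;
        if (!memcmp(buf, GUID_X509, 16)) out->x509 += n;
        else if (!memcmp(buf, GUID_SHA256, 16)) out->sha256 += n;
        else out->other += n;
        buf += lsize; len -= lsize;
    }
    return 0;
}

/* Constructed sample list: n zero-filled entries of esize bytes, no list header. */
static size_t put_list(uint8_t *b, const uint8_t *guid, uint8_t n, uint8_t esize)
{
    size_t lsize = 28 + (size_t)n * esize;
    memset(b, 0, lsize);
    memcpy(b, guid, 16);
    b[16] = lsize & 0xff; b[17] = lsize >> 8;   /* SignatureListSize, little-endian */
    b[24] = esize;                              /* SignatureSize */
    return lsize;
}

/* Constructed blob: two SHA-256 entries, then one dummy 4-byte "certificate". */
size_t esl_sample(uint8_t *b)                   /* b needs 172 bytes */
{
    size_t n = put_list(b, GUID_SHA256, 2, 48);
    return n + put_list(b + n, GUID_X509, 1, 20);
}
```

Rejecting a list whose declared sizes do not fit the buffer matters here because the variable contents come from firmware or the bootloader and are parsed before anything is added to a keyring.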