Skip to content
Commit 15ea0e1e authored by Josh Boyer's avatar Josh Boyer Committed by Mimi Zohar
Browse files

efi: Import certificates from UEFI Secure Boot 



Secure Boot stores a list of allowed certificates in the 'db' variable.
This patch imports those certificates into the platform keyring. The shim
UEFI bootloader has a similar certificate list stored in the 'MokListRT'
variable. We import those as well.

Secure Boot also maintains a list of disallowed certificates in the 'dbx'
variable. We load those certificates into the system blacklist keyring
and forbid any kernel signed with those from loading.

[zohar@linux.ibm.com: dropped Josh's original patch description]
Signed-off-by: default avatarJosh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 0bc9ae39
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment