[PATCH v5 0/4] Add EFI_CERT_X509_GUID support for dbx/mokx entries
From: Eric Snowberg
Date: Fri Jan 22 2021 - 13:49:17 EST
This is the fifth patch series for adding support for
EFI_CERT_X509_GUID entries [1]. It has been expanded to not only include
dbx entries but also entries in the mokx. Additionally my series to
preload these certificate [2] has also been included.
This series is based on v5.11-rc4.
[1] https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@xxxxxxxxxx/
[2] https://lore.kernel.org/patchwork/cover/1315485/
Eric Snowberg (4):
certs: Add EFI_CERT_X509_GUID support for dbx entries
certs: Move load_system_certificate_list to a common function
certs: Add ability to preload revocation certs
integrity: Load mokx variables into the blacklist keyring
certs/Kconfig | 8 +++
certs/Makefile | 20 ++++++-
certs/blacklist.c | 49 ++++++++++++++++
certs/blacklist.h | 12 ++++
certs/common.c | 56 +++++++++++++++++++
certs/common.h | 9 +++
certs/revocation_certificates.S | 21 +++++++
certs/system_keyring.c | 55 +++---------------
include/keys/system_keyring.h | 11 ++++
scripts/Makefile | 1 +
.../platform_certs/keyring_handler.c | 11 ++++
security/integrity/platform_certs/load_uefi.c | 20 ++++++-
12 files changed, 222 insertions(+), 51 deletions(-)
create mode 100644 certs/common.c
create mode 100644 certs/common.h
create mode 100644 certs/revocation_certificates.S
base-commit: 19c329f6808995b142b3966301f217c831e7cf31
--
2.18.4