[PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed
James Morris
jmorris at namei.org
Tue Dec 11 18:49:00 UTC 2018
On Sun, 9 Dec 2018, Nayna Jain wrote:
> From: Josh Boyer <jwboyer at fedoraproject.org>
>
> If a user tells shim to not use the certs/hashes in the UEFI db variable
> for verification purposes, shim will set a UEFI variable called
> MokIgnoreDB. Have the uefi import code look for this and ignore the db
> variable if it is found.
>
> Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Acked-by: Nayna Jain <nayna at linux.ibm.com>
> Acked-by: Serge Hallyn <serge at hallyn.com>
Reviewed-by: James Morris <james.morris at microsoft.com>
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list