[PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed

James Morris jmorris at namei.org
Tue Dec 11 18:49:00 UTC 2018


On Sun, 9 Dec 2018, Nayna Jain wrote:

> From: Josh Boyer <jwboyer at fedoraproject.org>
> 
> If a user tells shim to not use the certs/hashes in the UEFI db variable
> for verification purposes, shim will set a UEFI variable called
> MokIgnoreDB. Have the uefi import code look for this and ignore the db
> variable if it is found.
> 
> Signed-off-by: Josh Boyer <jwboyer at fedoraproject.org>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Acked-by: Nayna Jain <nayna at linux.ibm.com>
> Acked-by: Serge Hallyn <serge at hallyn.com>


Reviewed-by: James Morris <james.morris at microsoft.com>


-- 
James Morris
<jmorris at namei.org>



More information about the Linux-security-module-archive mailing list