[PATCH v5 0/4] Add EFI_CERT_X509_GUID support for dbx/mokx entries

Eric Snowberg eric.snowberg at oracle.com
Fri Jan 22 18:10:50 UTC 2021


This is the fifth patch series for adding support for 
EFI_CERT_X509_GUID entries [1].  It has been expanded to not only include
dbx entries but also entries in the mokx.  Additionally my series to
preload these certificate [2] has also been included.

This series is based on v5.11-rc4.

[1] https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@oracle.com/
[2] https://lore.kernel.org/patchwork/cover/1315485/

Eric Snowberg (4):
  certs: Add EFI_CERT_X509_GUID support for dbx entries
  certs: Move load_system_certificate_list to a common function
  certs: Add ability to preload revocation certs
  integrity: Load mokx variables into the blacklist keyring

 certs/Kconfig                                 |  8 +++
 certs/Makefile                                | 20 ++++++-
 certs/blacklist.c                             | 49 ++++++++++++++++
 certs/blacklist.h                             | 12 ++++
 certs/common.c                                | 56 +++++++++++++++++++
 certs/common.h                                |  9 +++
 certs/revocation_certificates.S               | 21 +++++++
 certs/system_keyring.c                        | 55 +++---------------
 include/keys/system_keyring.h                 | 11 ++++
 scripts/Makefile                              |  1 +
 .../platform_certs/keyring_handler.c          | 11 ++++
 security/integrity/platform_certs/load_uefi.c | 20 ++++++-
 12 files changed, 222 insertions(+), 51 deletions(-)
 create mode 100644 certs/common.c
 create mode 100644 certs/common.h
 create mode 100644 certs/revocation_certificates.S


base-commit: 19c329f6808995b142b3966301f217c831e7cf31
-- 
2.18.4



More information about the Linux-security-module-archive mailing list