[PATCH RFC 09/12] integrity: accessor function to get trust_moklist

Eric Snowberg eric.snowberg at oracle.com
Wed Jul 7 02:44:00 UTC 2021


Add an accessor function, trust_moklist(), that reports whether the MOK list should be trusted.

Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
---
 security/integrity/integrity.h                  | 5 +++++
 security/integrity/platform_certs/mok_keyring.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 68720fa6454f..a5f7af825f9b 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -285,6 +285,7 @@ void __init add_to_platform_keyring(const char *source, const void *data,
 				    size_t len);
 void __init destroy_mok_keyring(void);
 void __init add_to_mok_keyring(const char *source, const void *data, size_t len);
+bool __init trust_moklist(void);
 #else
 static inline void __init add_to_platform_keyring(const char *source,
 						  const void *data, size_t len)
@@ -296,4 +297,8 @@ static inline void __init destroy_mok_keyring(void)
 void __init add_to_mok_keyring(const char *source, const void *data, size_t len)
 {
 }
+static inline bool __init trust_moklist(void)
+{
+	return false;
+}
 #endif
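Review bot: The `trust_moklist()` stub in the `#else` branch returns false with no comment saying that this is the intended fail-closed default. Because the return value decides whether MOK keys are trusted when the keyring support is compiled out, a later edit could flip it without noticing the consequence. A one-line comment above the stub would cover it, e.g. `/* Without the MOK keyring built in, the MOK list is never trusted. */`. The `#if` condition selecting this branch is outside the hunk, so confirm which config option it is before naming it in the comment.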
diff --git a/security/integrity/platform_certs/mok_keyring.c b/security/integrity/platform_certs/mok_keyring.c
index a5644a8a834c..7d23772a1135 100644
--- a/security/integrity/platform_certs/mok_keyring.c
+++ b/security/integrity/platform_certs/mok_keyring.c
@@ -83,3 +83,8 @@ static __init int mok_keyring_trust_setup(void)
 }
 
 late_initcall(mok_keyring_trust_setup);
+
+bool __init trust_moklist(void)
+{
+	return trust_mok;
+}
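Review bot: `trust_moklist()` returns `trust_mok` with nothing stating when that value becomes valid. The context lines show `mok_keyring_trust_setup` registered through `late_initcall()`; if that is where `trust_mok` is assigned (its body and the variable's definition are outside the hunk), a caller running at the same or an earlier initcall level would read the initial value. Presumably that value is false, which fails closed, but the trust decision would then depend on link order rather than on the firmware state. Document the requirement above the function, e.g. `/* Only meaningful after mok_keyring_trust_setup() has run (late_initcall). */`, and check that every consumer is ordered after it.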
-- 
2.18.4


