[PATCH v5 12/12] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
Jarkko Sakkinen
jarkko at kernel.org
Thu Sep 9 13:58:52 UTC 2021
On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote:
> With the introduction of uefi_check_trust_mok_keys, it signifies the end-
> user wants to trust the machine keyring as trusted keys. If they have
> chosen to trust the machine keyring, load the qualifying keys into it
> during boot, then link it to the secondary keyring . If the user has not
> chosen to trust the machine keyring, it will be empty and not linked to
> the secondary keyring.
>
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
I would not worry too much applying the code changes if the story
part made sense (to *almost anyone*) in the cover letter.
/Jarkko
More information about the Linux-security-module-archive
mailing list