Eric Snowberg 4cfb908054 KEYS: DigitalSignature link restriction ... Add a new link restriction. Restrict the addition of keys in a keyring based on the key having digitalSignature usage set. Additionally, verify the new certificate against the ones in the system keyrings. Add two additional functions to use the new restriction within either the builtin or secondary keyrings. [jarkko@kernel.org: Fix checkpatch.pl --strict issues] Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>		2023-08-17 20:12:20 +00:00
..
.gitignore	certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build	2022-06-15 21:52:32 +03:00
blacklist_hashes.c	certs: unify blacklist_hashes.c and blacklist_nohashes.c	2022-07-27 21:17:59 +09:00
blacklist.c	certs: don't try to update blacklist keys	2023-02-13 10:11:20 +02:00
blacklist.h	certs: Add EFI_CERT_X509_GUID support for dbx entries	2021-03-11 16:31:28 +00:00
check-blacklist-hashes.awk	certs: move scripts/check-blacklist-hashes.awk to certs/	2022-07-27 21:17:59 +09:00
default_x509.genkey	certs: check-in the default x509 config file	2021-12-11 22:09:14 +09:00
extract-cert.c	kbuild: do not print extra logs for V=2	2023-01-22 23:43:32 +09:00
Kconfig	certs: make system keyring depend on built-in x509 parser	2022-09-24 04:31:18 +09:00
Makefile	certs: Fix build error when PKCS#11 URI contains semicolon	2023-01-31 17:53:01 +09:00
revocation_certificates.S	certs: Add ability to preload revocation certs	2021-03-11 16:33:49 +00:00
system_certificates.S	certs: include certs/signing_key.x509 unconditionally	2022-03-03 08:16:19 +09:00
system_keyring.c	KEYS: DigitalSignature link restriction	2023-08-17 20:12:20 +00:00