linux/security/integrity
Eric Snowberg 74f5e30051 integrity: Trust MOK keys if MokListTrustedRT found
A new Machine Owner Key (MOK) variable called MokListTrustedRT has been
introduced in shim. When this UEFI variable is set, it indicates the
end-user has made the decision themselves that they wish to trust MOK keys
within the Linux trust boundary.  It is not an error if this variable
does not exist. If it does not exist, the MOK keys should not be trusted
within the kernel.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-03-08 13:55:52 +02:00
..
evm evm: mark evm_fixmode as __ro_after_init 2021-10-28 18:52:49 -04:00
ima ima: Do not print policy rule with inactive LSM labels 2022-02-02 11:59:54 -05:00
platform_certs integrity: Trust MOK keys if MokListTrustedRT found 2022-03-08 13:55:52 +02:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
digsig.c KEYS: store reference to machine keyring 2022-03-08 13:55:52 +02:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
integrity.h integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
Kconfig integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00