git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Fri, 5 May 2017 07:21:56 +0000 (08:21 +0100)
committer	Seth Forshee <seth.forshee@canonical.com>
	Tue, 5 Sep 2017 12:34:07 +0000 (07:34 -0500)
commit	3463d73cb0c56175d7c79f3ad5889e3aa211550a
tree	d4bbbc924b4edb01c213e3646e6a151ccd3934bd	tree
parent	a1d0861062165d8c53b8b3eb4dad710300f633e5	commit \| diff

UBUNTU: SAUCE: (efi-lockdown) KEYS: Allow unrestricted boot-time addition of keys to secondary keyring

Allow keys to be added to the system secondary certificates keyring during
kernel initialisation in an unrestricted fashion. Such keys are implicitly
trusted and don't have their trust chains checked on link.

This allows keys in the UEFI database to be added in secure boot mode for
the purposes of module signing.

Signed-off-by: David Howells <dhowells@redhat.com>
(cherry picked from commit d2123d28abfa79a66af0fa42fcc4fa306bfda0b6
git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

certs/internal.h	[new file with mode: 0644]	blob
certs/system_keyring.c		diff \| blob \| blame \| history