git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
UBUNTU: SAUCE: (efi-lockdown) KEYS: Allow unrestricted boot-time addition of keys...
author David Howells <dhowells@redhat.com>
Fri, 5 May 2017 07:21:56 +0000 (08:21 +0100)
committer Seth Forshee <seth.forshee@canonical.com>
Mon, 29 Jan 2018 13:45:03 +0000 (07:45 -0600)
commit 373b0cb17dcfba37918889d2320acd0b932cc4d1
tree 01ef0d0d373eb5f7683536bf46fb56392e874776
parent f80de0c35cc77cc0e46d9c3c4a16095a096b6ada
UBUNTU: SAUCE: (efi-lockdown) KEYS: Allow unrestricted boot-time addition of keys to secondary keyring

Allow keys to be added to the system secondary certificates keyring during
kernel initialisation in an unrestricted fashion.  Such keys are implicitly
trusted and don't have their trust chains checked on link.

This allows keys in the UEFI database to be added in secure boot mode for
the purposes of module signing.

Signed-off-by: David Howells <dhowells@redhat.com>
(cherry picked from commit 9ad18fe5e96752b7e39d9e7cc9be7a4aa81630b0
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
certs/internal.h [new file with mode: 0644]
certs/system_keyring.c