integrity_load_cert() prints messages of the source and cert details
when adding certs as trusted. Mirror those messages in
uefi_revocation_list_x509() when adding certs as revoked.
Sample dmesg with this change:
integrity: Platform Keyring initialized
integrity: Loading X.509 certificate: UEFI:db
integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011:
13adbf4309bd82709c8cd54f316ed522988a1bd4'
integrity: Revoking X.509 certificate: UEFI:MokListXRT (MOKvar table)
blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing:
61482aa2830d0ab2ad5af10b7250da9033ddcef0'
integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table)
integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate Authority:
ad91990bc22ab1f517048c23b6655a268e345a63'
BugLink: https://bugs.launchpad.net/bugs/1928679
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
if (IS_ERR(key)) {
pr_err("Problem with revocation key (%ld)\n", PTR_ERR(key));
return PTR_ERR(key);
+ } else {
+ pr_notice("Revoked X.509 cert '%s'\n",
+ key_ref_to_ptr(key)->description);
}
return 0;
static __init void uefi_revocation_list_x509(const char *source,
const void *data, size_t len)
{
+ pr_info("Revoking X.509 certificate: %s\n", source);
add_key_to_revocation_list(data, len);
}