integrity: Only use machine keyring when uefi_check_trust_mok_keys is true - linux.git - dakr's fork of kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

diff options

author	Eric Snowberg <eric.snowberg@oracle.com>	2022-01-25 21:58:34 -0500
committer	Jarkko Sakkinen <jarkko@kernel.org>	2022-03-08 13:55:52 +0200
commit	3d6ae1a5d0c2019d274284859f556dcb64aa98a7 (patch)
tree	adba80c2bffd87b1e986a0d0ecb93ba18407d3ba /security/integrity/ima
parent	74f5e30051399d60dbce4296dbfd833212df13f1 (diff)

integrity: Only use machine keyring when uefi_check_trust_mok_keys is true

With the introduction of uefi_check_trust_mok_keys, it signifies the end- user wants to trust the machine keyring as trusted keys. If they have chosen to trust the machine keyring, load the qualifying keys into it during boot, then link it to the secondary keyring . If the user has not chosen to trust the machine keyring, it will be empty and not linked to the secondary keyring. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Diffstat (limited to 'security/integrity/ima')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: