linux/security/integrity/platform_certs
Josh Boyer 386b49f51d efi: Allow the "db" UEFI variable to be suppressed
If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called
MokIgnoreDB. Have the uefi import code look for this and ignore the db
variable if it is found.

[zohar@linux.ibm.com: removed reference to "secondary" keyring comment]
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-12 22:09:10 -05:00
..
efi_parser.c efi: Add an EFI signature blob parser 2018-12-12 22:04:29 -05:00
load_uefi.c efi: Allow the "db" UEFI variable to be suppressed 2018-12-12 22:09:10 -05:00
platform_keyring.c integrity: Load certs to the platform keyring 2018-12-12 22:02:54 -05:00