mirror of
https://github.com/torvalds/linux.git
synced 2024-12-13 06:32:50 +00:00
58c909022a
Because of system-specific EFI firmware limitations, EFI volatile variables may not be capable of holding the required contents of the Machine Owner Key (MOK) certificate store when the certificate list grows above some size. Therefore, an EFI boot loader may pass the MOK certs via a EFI configuration table created specifically for this purpose to avoid this firmware limitation. An EFI configuration table is a much more primitive mechanism compared to EFI variables and is well suited for one-way passage of static information from a pre-OS environment to the kernel. This patch adds initial kernel support to recognize, parse, and validate the EFI MOK configuration table, where named entries contain the same data that would otherwise be provided in similarly named EFI variables. Additionally, this patch creates a sysfs binary file for each EFI MOK configuration table entry found. These files are read-only to root and are provided for use by user space utilities such as mokutil. A subsequent patch will load MOK certs into the trusted platform key ring using this infrastructure. Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com> Link: https://lore.kernel.org/r/20200905013107.10457-2-lszubowi@redhat.com Signed-off-by: Ard Biesheuvel <ardb@kernel.org> |
||
|---|---|---|
| .. | ||
| arm_scmi | ||
| broadcom | ||
| efi | ||
| imx | ||
| meson | ||
| psci | ||
| smccc | ||
| tegra | ||
| xilinx | ||
| arm_scpi.c | ||
| arm_sdei.c | ||
| dmi_scan.c | ||
| dmi-id.c | ||
| dmi-sysfs.c | ||
| edd.c | ||
| iscsi_ibft_find.c | ||
| iscsi_ibft.c | ||
| Kconfig | ||
| Makefile | ||
| memmap.c | ||
| pcdp.c | ||
| pcdp.h | ||
| qcom_scm-legacy.c | ||
| qcom_scm-smc.c | ||
| qcom_scm.c | ||
| qcom_scm.h | ||
| qemu_fw_cfg.c | ||
| raspberrypi.c | ||
| scpi_pm_domain.c | ||
| stratix10-rsu.c | ||
| stratix10-svc.c | ||
| ti_sci.c | ||
| ti_sci.h | ||
| trusted_foundations.c | ||
| turris-mox-rwtm.c | ||