Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-23 04:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
9846d86031
linux/arch
History
Lenny Szubowicz 58c909022a efi: Support for MOK variable config table 
Because of system-specific EFI firmware limitations, EFI volatile
variables may not be capable of holding the required contents of
the Machine Owner Key (MOK) certificate store when the certificate
list grows above some size. Therefore, an EFI boot loader may pass
the MOK certs via a EFI configuration table created specifically for
this purpose to avoid this firmware limitation.

An EFI configuration table is a much more primitive mechanism
compared to EFI variables and is well suited for one-way passage
of static information from a pre-OS environment to the kernel.

This patch adds initial kernel support to recognize, parse,
and validate the EFI MOK configuration table, where named
entries contain the same data that would otherwise be provided
in similarly named EFI variables.

Additionally, this patch creates a sysfs binary file for each
EFI MOK configuration table entry found. These files are read-only
to root and are provided for use by user space utilities such as
mokutil.

A subsequent patch will load MOK certs into the trusted platform
key ring using this infrastructure.

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Link: https://lore.kernel.org/r/20200905013107.10457-2-lszubowi@redhat.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2020-09-16 18:53:42 +03:00
..
alpha iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
arc mm/gup: remove task_struct pointer for all gup code 2020-08-12 10:58:04 -07:00
arm efi/libstub: arm32: Base FDT and initrd placement on image address 2020-09-16 18:53:42 +03:00
arm64 efi/libstub: arm32: Base FDT and initrd placement on image address 2020-09-16 18:53:42 +03:00
c6x Merge branch 'work.regset' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 09:29:25 -07:00
csky mm/csky: use general page fault accounting 2020-08-12 10:58:03 -07:00
h8300 uaccess: remove segment_eq 2020-08-12 10:57:58 -07:00
hexagon mm/hexagon: use general page fault accounting 2020-08-12 10:58:03 -07:00
ia64 all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
m68k Cleanup, SECCOMP_FILTER support, message printing fixes, and other 2020-08-15 18:50:32 -07:00
microblaze all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
mips all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
nds32 mm/nds32: use general page fault accounting 2020-08-12 10:58:03 -07:00
nios2 mm/nios2: use general page fault accounting 2020-08-12 10:58:03 -07:00
openrisc OpenRISC updates for 5.9 2020-08-14 14:04:53 -07:00
parisc parisc: fix PMD pages allocation by restoring pmd_alloc_one() 2020-08-16 10:53:13 -07:00
powerpc iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
riscv A RISC-V Fix for 5.9 2020-08-15 18:54:42 -07:00
s390 all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
sh Cleanup, SECCOMP_FILTER support, message printing fixes, and other 2020-08-15 18:50:32 -07:00
sparc all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
um Cleanup, SECCOMP_FILTER support, message printing fixes, and other 2020-08-15 18:50:32 -07:00
x86 efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
xtensa all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
.gitignore
Kconfig A set oftimekeeping/VDSO updates: 2020-08-14 14:26:08 -07:00