diff options
| author | Eric Snowberg <eric.snowberg@oracle.com> | 2022-01-26 05:58:34 +0300 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko@kernel.org> | 2022-03-08 14:55:52 +0300 |
| commit | 3d6ae1a5d0c2019d274284859f556dcb64aa98a7 (patch) | |
| tree | adba80c2bffd87b1e986a0d0ecb93ba18407d3ba /security/integrity/integrity.h | |
| parent | 74f5e30051399d60dbce4296dbfd833212df13f1 (diff) | |
| download | linux-3d6ae1a5d0c2019d274284859f556dcb64aa98a7.tar.xz | |
integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
With the introduction of uefi_check_trust_mok_keys, it signifies the end-
user wants to trust the machine keyring as trusted keys. If they have
chosen to trust the machine keyring, load the qualifying keys into it
during boot, then link it to the secondary keyring . If the user has not
chosen to trust the machine keyring, it will be empty and not linked to
the secondary keyring.
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security/integrity/integrity.h')
| -rw-r--r-- | security/integrity/integrity.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 730771eececd..2e214c761158 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -287,9 +287,14 @@ static inline void __init add_to_platform_keyring(const char *source, #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING void __init add_to_machine_keyring(const char *source, const void *data, size_t len); +bool __init trust_moklist(void); #else static inline void __init add_to_machine_keyring(const char *source, const void *data, size_t len) { } +static inline bool __init trust_moklist(void) +{ + return false; +} #endif |