74f5e30051
A new Machine Owner Key (MOK) variable called MokListTrustedRT has been introduced in shim. When this UEFI variable is set, it indicates the end-user has made the decision themselves that they wish to trust MOK keys within the Linux trust boundary. It is not an error if this variable does not exist. If it does not exist, the MOK keys should not be trusted within the kernel. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> |
||
|---|---|---|
| .. | ||
| apparmor | ||
| bpf | ||
| integrity | ||
| keys | ||
| landlock | ||
| loadpin | ||
| lockdown | ||
| safesetid | ||
| selinux | ||
| smack | ||
| tomoyo | ||
| yama | ||
| commoncap.c | ||
| device_cgroup.c | ||
| inode.c | ||
| Kconfig | ||
| Kconfig.hardening | ||
| lsm_audit.c | ||
| Makefile | ||
| min_addr.c | ||
| security.c | ||