45fcd5e521
Currently both Secure Boot DB and Machine Owner Keys (MOK) go through the same keyring handler (get_handler_for_db). With the addition of the new machine keyring, the end-user may choose to trust MOK keys. Introduce a new keyring handler specific for MOK keys. If MOK keys are trusted by the end-user, use the new keyring handler instead. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef PLATFORM_CERTS_INTERNAL_H
#define PLATFORM_CERTS_INTERNAL_H
#include <linux/efi.h>
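/*
 * Blacklist a hash of the given type.
 *
 * @source:   caller-supplied label for where the entry came from
 *            (NOTE(review): presumably used only for logging - confirm).
 * @data:     the hash bytes to blacklist.
 * @len:      length of @data in bytes.
 * @type:     hash-type identifier; it is passed with an explicit length, so
 *            presumably it need not be NUL-terminated - confirm.
 * @type_len: length of @type in bytes.
 *
 * Returns nothing, so a caller cannot tell whether the entry was actually
 * added.  If the implementation can fail (e.g. on allocation), a revoked
 * hash would silently stay usable; such failures should at least be logged.
 */
void blacklist_hash(const char *source, const void *data,
		    size_t len, const char *type,
		    size_t type_len);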
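/*
 * Blacklist an X509 TBS hash.
 *
 * @source: caller-supplied label for where the entry came from.
 * @data:   the hash bytes; NOTE(review): presumably the digest of the
 *          certificate's to-be-signed (TBS) portion as carried in the
 *          signature list, not a certificate that gets hashed here - confirm.
 * @len:    length of @data in bytes.
 *
 * Returns nothing; a caller cannot detect a failed insertion, so a failure
 * inside the implementation would leave the revoked certificate unblocked.
 */
void blacklist_x509_tbs(const char *source, const void *data, size_t len);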
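/*
 * Blacklist the hash of an executable.
 *
 * @source: caller-supplied label for where the entry came from.
 * @data:   the hash bytes; NOTE(review): presumably the already-computed
 *          image digest taken from the signature list, not the executable
 *          itself - confirm.
 * @len:    length of @data in bytes.
 *
 * Returns nothing; a caller cannot detect a failed insertion, so a failure
 * inside the implementation would leave the revoked binary unblocked.
 */
void blacklist_binary(const char *source, const void *data, size_t len);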
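/*
 * Return the handler for particular signature list types found in the db.
 *
 * @sig_type: GUID identifying the signature list type.
 *
 * db is the Secure Boot allowed-signature database, so a handler returned
 * here acts on entries the platform firmware treats as trusted.
 * NOTE(review): presumably returns NULL for a signature type that has no
 * handler; callers should check the result before invoking it - confirm.
 */
efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type);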
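/*
 * Return the handler for particular signature list types found in the mok.
 *
 * @sig_type: GUID identifying the signature list type.
 *
 * Machine Owner Keys are kept apart from the Secure Boot db handler: per the
 * change that introduced this function, it is meant to be used when the
 * end-user has chosen to trust MOK keys (the machine keyring); otherwise MOK
 * lists presumably keep going through get_handler_for_db().
 * NOTE(review): the prototype takes only the signature type, so the "is MOK
 * trusted" decision must live in the caller or inside the implementation -
 * confirm which, since selecting this handler without that check would widen
 * what the kernel trusts.
 */
efi_element_handler_t get_handler_for_mok(const efi_guid_t *sig_type);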
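/*
 * Return the handler for particular signature list types found in the dbx.
 *
 * @sig_type: GUID identifying the signature list type.
 *
 * dbx is the Secure Boot forbidden-signature database.
 * NOTE(review): the handlers returned are presumably the blacklist_*()
 * functions declared in this header.  A signature type with no handler would
 * mean the revocation entry is not applied, so unrecognised types deserve at
 * least a log message in the caller - confirm.
 */
efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type);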
#endif