Skip to content
Snippets Groups Projects
Commit 087aa4ed authored by Eric Snowberg's avatar Eric Snowberg Committed by Jarkko Sakkinen
Browse files

KEYS: Introduce link restriction for machine keys 


Introduce a new link restriction that includes the trusted builtin,
secondary and machine keys. The restriction is based on the key to be
added being vouched for by a key in any of these three keyrings.

With the introduction of the machine keyring, the end-user may choose to
trust Machine Owner Keys (MOK) within the kernel. If they have chosen to
trust them, the .machine keyring will contain these keys.  If not, the
machine keyring will always be empty.  Update the restriction check to
allow the secondary trusted keyring to also trust machine keys.

Allow the .machine keyring to be linked to the secondary_trusted_keys.
After the link is created, keys contained in the .machine keyring will
automatically be searched when searching secondary_trusted_keys.

Suggested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarEric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Tested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
parent 56edb6c2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment