It's base on the kernel patches of Fedora 20. This patch set add the support to MODSIGN mechanism for revoke kernel module by hash or public key. As MokListRT, EFI bootloader(e.g. shim) should maintain the MokListXRT container the format the same with dbx. The patches will check the hash of kernel module before load it. Lee, Chun-Yi (2): MODSIGN: check hash of kernel module in blacklist MODSIGN: load hash blacklist of modules from MOKx include/linux/efi.h | 12 ++++ kernel/modsign_uefi.c | 150 +++++++++++++++++++++++++++++++++++++++++++++- kernel/module-internal.h | 14 ++++ kernel/module.c | 9 +++- kernel/module_signing.c | 79 ++++++++++++++++++++++++ 5 files changed, 261 insertions(+), 3 deletions(-) _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
