Re: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
From: Aditya Garg <gargaditya08@xxxxxxxx>
Date: Wed, 13 Apr 2022 14:03:22 +0000
Accept-language: en-US
Cc: "jarkko@xxxxxxxxxx" <jarkko@xxxxxxxxxx>, "dmitry.kasatkin@xxxxxxxxx" <dmitry.kasatkin@xxxxxxxxx>, "jmorris@xxxxxxxxx" <jmorris@xxxxxxxxx>, "serge@xxxxxxxxxx" <serge@xxxxxxxxxx>, "ast@xxxxxxxxxx" <ast@xxxxxxxxxx>, "daniel@xxxxxxxxxxxxx" <daniel@xxxxxxxxxxxxx>, "andrii@xxxxxxxxxx" <andrii@xxxxxxxxxx>, "kafai@xxxxxx" <kafai@xxxxxx>, "songliubraving@xxxxxx" <songliubraving@xxxxxx>, "yhs@xxxxxx" <yhs@xxxxxx>, "john.fastabend@xxxxxxxxx" <john.fastabend@xxxxxxxxx>, "kpsingh@xxxxxxxxxx" <kpsingh@xxxxxxxxxx>, "linux-integrity@xxxxxxxxxxxxxxx" <linux-integrity@xxxxxxxxxxxxxxx>, "keyrings@xxxxxxxxxxxxxxx" <keyrings@xxxxxxxxxxxxxxx>, "linux-security-module@xxxxxxxxxxxxxxx" <linux-security-module@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "bpf@xxxxxxxxxxxxxxx" <bpf@xxxxxxxxxxxxxxx>, Orlando Chamberlain <redecorating@xxxxxxxxxxxxxx>, "admin@xxxxxxxxxx" <admin@xxxxxxxxxx>, "stable@xxxxxxxxxxxxxxx" <stable@xxxxxxxxxxxxxxx>
In-reply-to: <6545f8241f3d41dd0f55997bfb85ad0de9f1c3e3.camel@linux.ibm.com>
Thread-index: AQHYToykbBmBCQ6Dr0qfXL8vw1ISnazshQAAgAFcXAA=
Thread-topic: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

> 
> Both the comment here and the patch description above still needs to be
> improved. Perhaps something along these lines.
Checkout v5
> 
> Secure boot on Apple Macs with a T2 Security chip cannot read either
> the EFI variables or the certificates stored in different db's (e.g.
> db, dbx, MokListXRT). Attempting to read them causes ... 
> 
> Avoid reading the EFI variables or the certificates stored in different
> dbs. As a result, without certificates secure boot signature
> verification fails.
> 
> thanks,
> 
> Mimi
> 
>

References:
- [PATCH v3 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
  - From: Aditya Garg
- [PATCH v4] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
  - From: Aditya Garg
- [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
  - From: Aditya Garg
- Re: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
  - From: Mimi Zohar

Prev by Date: [PATCH bpf-next v5 6/6] bpf: Allow the new syncookie helpers to work with SKBs
Next by Date: [PATCH v5] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Previous by thread: Re: [PATCH v4 RESEND] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Next by thread: [PATCH v5] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]