On Fri, 2022-03-11 at 10:11 +0530, Nageswara Sastry wrote: > > > On 11/03/22 3:14 am, Nayna Jain wrote: > > Some firmware support secure boot by embedding static keys to verify the > > Linux kernel during boot. However, these firmware do not expose an > > interface for the kernel to load firmware keys onto the ".platform" > > keyring, preventing the kernel from verifying the kexec kernel image > > signature. > > > > This patchset exports load_certificate_list() and defines a new function > > load_builtin_platform_cert() to load compiled in certificates onto the > > ".platform" keyring. > > > > Changelog: > > v11: > > * Added a new patch to conditionally build extract-cert if > > PLATFORM_KEYRING is enabled. > > > > Tested the following four patches with and with out setting > CONFIG_INTEGRITY_PLATFORM_KEYS > > Tested-by: Nageswara R Sastry <rnsastry@xxxxxxxxxxxxx> OK, I added it: git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git BR, Jarkko