This is the fifth patch series for adding support for EFI_CERT_X509_GUID entries [1]. It has been expanded to not only include dbx entries but also entries in the mokx. Additionally my series to preload these certificate [2] has also been included. This series is based on v5.11-rc4. [1] https://patchwork.kernel.org/project/linux-security-module/patch/20200916004927.64276-1-eric.snowberg@xxxxxxxxxx/ [2] https://lore.kernel.org/patchwork/cover/1315485/ Eric Snowberg (4): certs: Add EFI_CERT_X509_GUID support for dbx entries certs: Move load_system_certificate_list to a common function certs: Add ability to preload revocation certs integrity: Load mokx variables into the blacklist keyring certs/Kconfig | 8 +++ certs/Makefile | 20 ++++++- certs/blacklist.c | 49 ++++++++++++++++ certs/blacklist.h | 12 ++++ certs/common.c | 56 +++++++++++++++++++ certs/common.h | 9 +++ certs/revocation_certificates.S | 21 +++++++ certs/system_keyring.c | 55 +++--------------- include/keys/system_keyring.h | 11 ++++ scripts/Makefile | 1 + .../platform_certs/keyring_handler.c | 11 ++++ security/integrity/platform_certs/load_uefi.c | 20 ++++++- 12 files changed, 222 insertions(+), 51 deletions(-) create mode 100644 certs/common.c create mode 100644 certs/common.h create mode 100644 certs/revocation_certificates.S base-commit: 19c329f6808995b142b3966301f217c831e7cf31 -- 2.18.4
