Re: [PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed

[PATCH v2 0/7] add platform/firmware keys support for kernel verification by IMA · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 1/7] integrity: Define a trusted platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 1/7] integrity: Define a trusted platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-09
Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring · Thiago Jung Bauermann <hidden> · 2018-12-13
Re: [PATCH v2 1/7] integrity: Define a trusted platform keyring · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 2/7] integrity: Load certs to the platform keyring · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 2/7] integrity: Load certs to the platform keyring · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 2/7] integrity: Load certs to the platform keyring · Thiago Jung Bauermann <hidden> · 2018-12-13
[PATCH v2 3/7] efi: Add EFI signature data types · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 3/7] efi: Add EFI signature data types · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 4/7] efi: Add an EFI signature blob parser · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
[PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-12
[PATCH v2a 5/7] efi: Import certificates from UEFI Secure Boot · Nayna Jain <nayna@linux.ibm.com> · 2018-12-12
[PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 6/7] efi: Allow the "db" UEFI variable to be suppressed · James Morris <jmorris@namei.org> · 2018-12-11
[PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Nayna Jain <nayna@linux.ibm.com> · 2018-12-08
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · James Morris <jmorris@namei.org> · 2018-12-11
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Thiago Jung Bauermann <hidden> · 2018-12-12
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Mimi Zohar <zohar@linux.ibm.com> · 2018-12-13
Re: [PATCH v2 7/7] ima: Support platform keyring for kernel appraisal · Thiago Jung Bauermann <hidden> · 2018-12-13
Re: [PATCH v2 0/7] add platform/firmware keys support for kernel verification by IMA · Mimi Zohar <zohar@linux.ibm.com> · 2018-12-09

From: James Morris <jmorris@namei.org>
Date: 2018-12-11 18:49:31
Also in: kexec, keyrings, linux-efi, linux-integrity, lkml

On Sun, 9 Dec 2018, Nayna Jain wrote:

From: Josh Boyer <redacted>

If a user tells shim to not use the certs/hashes in the UEFI db variable
for verification purposes, shim will set a UEFI variable called
MokIgnoreDB. Have the uefi import code look for this and ignore the db
variable if it is found.

Signed-off-by: Josh Boyer <redacted>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>


Reviewed-by: James Morris <redacted>


-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help