Re: [PATCH v3] integrity: support including firmware ".platform" keys at build time
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-10-22 17:32:18
Also in:
keyrings, linux-integrity, lkml
On Tue, 2021-10-19 at 14:25 -0400, Nayna wrote:
> Gentle reminder for v3. Is this version good now for acceptance?
>
> Thanks & Regards,
>
>      - Nayna
>
> On 10/4/21 10:52 AM, Nayna Jain wrote:
> > Some firmware support secure boot by embedding static keys to verify the Linux kernel during boot. However, these firmware do not expose an interface for the kernel to load firmware keys onto ".platform" keyring. This would prevent kernel signature verification on kexec. For these environments, a new function load_builtin_platform_cert() is defined to load compiled in certificates onto the ".platform" keyring.
> >
> > load_certificate_list() is currently used for parsing compiled in certificates to be loaded onto the .builtin or .blacklist keyrings. Export load_certificate_list() allowing it to be used for parsing compiled in ".platform" keyring certificates as well.
> >
> > Reported-by: kernel test robot <redacted> (auto build test ERROR)
> > Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
> > ---
> > NOTE: I am wondering if we should split this patch into two: (https://lore.kernel.org/linux-integrity/be4bd13d-659d-710d-08b9-1a34a65e5c5d@linux.vnet.ibm.com/). I can do so if you also prefer the same.
Yes, splitting this patch would make it easier to review and upstream.

thanks,

Mimi
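The quoted commit message mentions parsing a list of compiled-in certificates; the following is an added userspace illustration of walking such a blob with bounds checks, not code from the patch or from the kernel tree. It assumes each certificate is a DER SEQUENCE with a two-byte long-form length (`0x30 0x82 hi lo`); `count_cert_list()` and `make_blob()` are hypothetical names, and the sample blob is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walk a blob of back-to-back DER certificates and count them.
 * Assumption (not stated on the page): every entry starts 0x30 0x82 hi lo,
 * i.e. a DER SEQUENCE whose length uses the two-byte long form.
 * Returns the number of well-formed entries, or -1 if the blob is malformed
 * (wrong tag, truncated header, or a length running past the end). */
static int count_cert_list(const uint8_t *p, size_t len)
{
    const uint8_t *end = p + len;
    int n = 0;

    while (p < end) {
        size_t plen;

        if (end - p < 4)                        /* header itself truncated */
            return -1;
        if (p[0] != 0x30 || p[1] != 0x82)       /* not SEQUENCE + 2-byte len */
            return -1;
        plen = ((size_t)p[2] << 8 | p[3]) + 4;  /* body plus 4-byte header */
        if (plen > (size_t)(end - p))           /* entry overruns the blob */
            return -1;
        /* A loader would pass p[0..plen) to the target keyring here. */
        p += plen;
        n++;
    }
    return n;
}

/* Constructed sample input: `count` dummy entries of `body` bytes each. */
static size_t make_blob(uint8_t *buf, int count, size_t body)
{
    size_t off = 0;

    for (int i = 0; i < count; i++) {
        buf[off++] = 0x30;
        buf[off++] = 0x82;
        buf[off++] = (uint8_t)(body >> 8);
        buf[off++] = (uint8_t)body;
        for (size_t j = 0; j < body; j++)
            buf[off++] = 0xAA;                  /* placeholder body bytes */
    }
    return off;
}

int main(void)
{
    uint8_t buf[2048];
    size_t len = make_blob(buf, 2, 300);

    printf("entries: %d\n", count_cert_list(buf, len));
    printf("truncated: %d\n", count_cert_list(buf, len - 1));
    return 0;
}
```

Rejecting the whole blob on the first malformed entry keeps a truncated or corrupted build-time certificate file from being partially trusted.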