| author | Mike Beaton <mjsbeaton@gmail.com> | 2023-08-07 12:56:29 +0100 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2024-11-12 17:09:14 -0500 |
| commit | 74a1f29015f0b7f42d3803f533e47e8e598e523c (patch) | |
| tree | b231852ec09bed1fee0c51d7f95ca6d0a06dbf1a | |
| parent | e68f4caade95faa9949d91751f4660c738ea52ac (diff) | |
| download | efi-boot-shim-74a1f29015f0b7f42d3803f533e47e8e598e523c.tar.gz efi-boot-shim-74a1f29015f0b7f42d3803f533e47e8e598e523c.zip | |
Update MokVars.txt
- Update documented mirrored variable attributes from RT to BS,RT
- Add missing MokSBStateRT
- Clarify that MokIgnoreDB is a mirror of MokDBState
- Add missing attributes for MokPWStore
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
| -rw-r--r-- | MokVars.txt | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/MokVars.txt b/MokVars.txt index baf8db9a..71b42c82 100644 --- a/MokVars.txt +++ b/MokVars.txt @@ -63,28 +63,33 @@ State variables: MokList: A list of authorized keys and hashes. An EFI_SIGNATURE_LIST as described in the UEFI specification. BS,NV -MokListRT: A copy of MokList made available to the kernel at runtime. RT +MokListRT: A copy of MokList made available to the kernel at runtime. BS,RT MokListX: A list of forbidden keys and hashes. An EFI_SIGNATURE_LIST as described in the UEFI specification. BS,NV -MokListXRT: A copy of MokListX made available to the kernel at runtime. RT +MokListXRT: A copy of MokListX made available to the kernel at runtime. BS,RT MokSBState: An 8-bit unsigned integer. If 1, shim will switch to insecure mode. BS,NV +MokSBStateRT: A copy of MokSBState made available to the kernel at runtime. +This allows the OS to query the shim secure mode setting for its own +verification purposes. BS,RT + MokDBState: An 8-bit unsigned integer. If 1, shim will not use db for verification. BS,NV -MokIgnoreDB: An 8-bit unsigned integer. This allows the OS to query whether -or not to import DB certs for its own verification purposes. +MokIgnoreDB: A copy of MokDBState made available to the kernel at runtime. +This allows the OS to query whether or not to import DB certs for its own +verification purposes. BS,RT MokPWStore: A SHA-256 representation of the password set by the user via MokPW. The user will be prompted to enter this password in order -to interact with MokManager. +to interact with MokManager. BS,NV MokListTrusted: An 8-bit unsigned integer. If 1, it signifies to Linux to trust CA keys in the MokList. BS,NV MokListTrustedRT: A copy of MokListTrusted made available to the kernel -at runtime. RT +at runtime. BS,RT |
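
Review bot: The rewritten MokIgnoreDB entry drops the type that the removed lines stated ("An 8-bit unsigned integer"), and the new MokSBStateRT entry does not state one either, so a reader has to follow the "copy of" reference back to MokDBState or MokSBState to learn the size the OS should expect when it reads the mirror. Suggest keeping the type in both mirror entries, for example "MokIgnoreDB: An 8-bit unsigned integer. A copy of MokDBState made available to the kernel at runtime." MokIgnoreDB is also the only mirror in this hunk whose name does not follow the RT suffix pattern used by MokListRT, MokListXRT, MokSBStateRT and MokListTrustedRT; a short remark in that entry that the name is the exception would help anyone matching state variables to their runtime copies by name.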
