Add support for disabling signature verification - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Matthew Garrett <mjg@redhat.com>	2012-10-17 18:22:11 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-10-18 17:41:52 -0400
commit	c1faa462e03d3fd3c922e018de69fcf18f83f16a (patch)
tree	69ccb562f28c197e22fc83c6f26ef5908b76a71c /Cryptlib/Cryptlib.diff
parent	ed63bf1c0e7e8830217ae3baee45f407fb73d9e0 (diff)
download	efi-boot-shim-c1faa462e03d3fd3c922e018de69fcf18f83f16a.tar.gz efi-boot-shim-c1faa462e03d3fd3c922e018de69fcf18f83f16a.zip

Add support for disabling signature verification

Provide a mechanism for a physically present end user to disable signature verification. This is handled by the OS passing down a variable that contains a UINT32 and a SHA256 hash. If this variable is present, MokManager prompts the user to choose whether to enable or disable signature validation (depending on the value of the UINT32). They are then asked to type the passphrase that matches the hash. This then saves a boot services variable which is checked by shim, and if set will skip verification of signatures.

Diffstat (limited to 'Cryptlib/Cryptlib.diff')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: