Allow MokListTrusted to be enabled by default - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Eric Snowberg <eric.snowberg@oracle.com>	2022-02-17 18:29:58 -0500
committer	Peter Jones <pjones@redhat.com>	2022-05-04 14:58:23 -0400
commit	2670c6a17edb239949152c471445fc533d8525aa (patch)
tree	02f664be337bf7da50d405077f8e96b2adb7056d /Cryptlib/OpenSSL/crypto
parent	6aac5959bbb6adbe5f061a7f95139ab794bcfda7 (diff)
download	efi-boot-shim-2670c6a17edb239949152c471445fc533d8525aa.tar.gz efi-boot-shim-2670c6a17edb239949152c471445fc533d8525aa.zip

Allow MokListTrusted to be enabled by default

Within previous versions of shim the MokListTrusted var did not exist. The user had to opt in to using the feature. Change the default behavior to an opt out model. Since old shims will not have the BS MokListTrusted set, use inverse logic that sets the MokListTrustedRT to 1 when the boot service variable is missing. Many Linux distros carry out of tree patches to trust the mok keys by default. These out of tree patches can be dropped when using a Linux kernel that supports MokListTrustedRT. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>

Diffstat (limited to 'Cryptlib/OpenSSL/crypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: