author: Peter Jones <pjones@redhat.com> 2022-03-31 16:19:53 -0400
committer: Peter Jones <pjones@redhat.com> 2022-05-17 19:01:03 -0400
commit: df96f48f28fa94b62d06f39a3b014133dd38def5 (patch)
tree: 31e8dc150efa36e57aaa263f18149e4867d6cb42 /include
parent: 226fee25ffcbd29988399ba080c7706eb1d52251 (diff)
Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
This adds a new MoK variable, MokPolicy (&MokPolicyRT) that's intended as a bitmask of machine owner policy choices, and the bit MOK_POLICY_REQUIRE_NX. This bit specifies whether it is permissible to load binaries which do not support NX mitigations, and it currently defaults to allowing such binaries to be loaded.

The broader intention here is to migrate all of the MoK policy variables that are really just on/off flags to this variable.

Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'include')
-rw-r--r-- include/mok.h 5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/mok.h b/include/mok.h
index 6f99a105..fb19423b 100644
--- a/include/mok.h
+++ b/include/mok.h
@@ -100,5 +100,10 @@ struct mok_variable_config_entry {
UINT8 data[];
};
+/*
+ * bit definitions for MokPolicy
+ */
+#define MOK_POLICY_REQUIRE_NX 1
+
#endif /* !SHIM_MOK_H_ */
// vim:fenc=utf-8:tw=75:noet
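Review bot: the comment above `MOK_POLICY_REQUIRE_NX` says only "bit definitions for MokPolicy" and does not record what the bit means when set or clear, which matters for a security policy flag. Please state in the header that a set bit means binaries without NX support must be refused and a clear bit allows them, since per the commit message the default is to allow. The value is also written as a bare `1`, which a later contributor could read as a bit index rather than a mask; writing it as `0x01` or `(1 << 0)` makes the pattern obvious for the further on/off flags this variable is meant to collect. The width of MokPolicy is not visible in this hunk, so noting it next to the definitions would tell readers how many flag bits are available.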