From df96f48f28fa94b62d06f39a3b014133dd38def5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 31 Mar 2022 16:19:53 -0400
Subject: Add MokPolicy variable and MOK_POLICY_REQUIRE_NX

This adds a new MoK variable, MokPolicy (&MokPolicyRT) that's intended
as a bitmask of machine owner policy choices, and the bit
MOK_POLICY_REQUIRE_NX.  This bit specifies whether it is permissible to
load binaries which do not support NX mitigations, and it currently
defaults to allowing such binaries to be loaded.

The broader intention here is to migrate all of the MoK policy variables
that are really just on/off flags to this variable.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 include/mok.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'include')

diff --git a/include/mok.h b/include/mok.h
index 6f99a105..fb19423b 100644
--- a/include/mok.h
+++ b/include/mok.h
@@ -100,5 +100,10 @@ struct mok_variable_config_entry {
 	UINT8 data[];
 };
 
+/*
+ * bit definitions for MokPolicy
+ */
+#define MOK_POLICY_REQUIRE_NX	1
+
 #endif /* !SHIM_MOK_H_ */
 // vim:fenc=utf-8:tw=75:noet
-- 
cgit v1.2.3