forked from luck/tmp_suning_uos_patched
8220e22d11
The keys used to verify the Host OS kernel are managed by firmware as secure variables. This patch loads the verification keys into the .platform keyring and revocation hashes into .blacklist keyring. This enables verification and loading of the kernels signed by the boot time keys which are trusted by firmware. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Eric Richter <erichte@linux.ibm.com> [mpe: Search by compatible in load_powerpc_certs(), not using format] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/1573441836-3632-5-git-send-email-nayna@linux.ibm.com
22 lines
895 B
Makefile
22 lines
895 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for caching inode integrity data (iint)
|
|
#
|
|
|
|
obj-$(CONFIG_INTEGRITY) += integrity.o
|
|
|
|
integrity-y := iint.o
|
|
integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
|
|
integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
|
|
integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
|
|
integrity-$(CONFIG_INTEGRITY_PLATFORM_KEYRING) += platform_certs/platform_keyring.o
|
|
integrity-$(CONFIG_LOAD_UEFI_KEYS) += platform_certs/efi_parser.o \
|
|
platform_certs/load_uefi.o \
|
|
platform_certs/keyring_handler.o
|
|
integrity-$(CONFIG_LOAD_IPL_KEYS) += platform_certs/load_ipl_s390.o
|
|
integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \
|
|
platform_certs/load_powerpc.o \
|
|
platform_certs/keyring_handler.o
|
|
obj-$(CONFIG_IMA) += ima/
|
|
obj-$(CONFIG_EVM) += evm/
|