On Fri, 2022-03-11 at 10:11 +0530, Nageswara Sastry wrote:
OK, I added it:
On 11/03/22 3:14 am, Nayna Jain wrote:
Some firmware support secure boot by embedding static keys to verify theTested the following four patches with and with out setting
Linux kernel during boot. However, these firmware do not expose an
interface for the kernel to load firmware keys onto the ".platform"
keyring, preventing the kernel from verifying the kexec kernel image
signature.
This patchset exports load_certificate_list() and defines a new function
load_builtin_platform_cert() to load compiled in certificates onto the
".platform" keyring.
Changelog:
v11:
* Added a new patch to conditionally build extract-cert if
PLATFORM_KEYRING is enabled.
CONFIG_INTEGRITY_PLATFORM_KEYS
Tested-by: Nageswara R Sastry <rnsastry@xxxxxxxxxxxxx>
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git