niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity
linux/arch/x86/kernel
History
Lenny Szubowicz 58c909022a efi: Support for MOK variable config table 
Because of system-specific EFI firmware limitations, EFI volatile
variables may not be capable of holding the required contents of
the Machine Owner Key (MOK) certificate store when the certificate
list grows above some size. Therefore, an EFI boot loader may pass
the MOK certs via a EFI configuration table created specifically for
this purpose to avoid this firmware limitation.

An EFI configuration table is a much more primitive mechanism
compared to EFI variables and is well suited for one-way passage
of static information from a pre-OS environment to the kernel.

This patch adds initial kernel support to recognize, parse,
and validate the EFI MOK configuration table, where named
entries contain the same data that would otherwise be provided
in similarly named EFI variables.

Additionally, this patch creates a sysfs binary file for each
EFI MOK configuration table entry found. These files are read-only
to root and are provided for use by user space utilities such as
mokutil.

A subsequent patch will load MOK certs into the trusted platform
key ring using this infrastructure.

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Link: https://lore.kernel.org/r/20200905013107.10457-2-lszubowi@redhat.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2020-09-16 18:53:42 +03:00
..
acpi mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
apic A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
cpu Misc fixes and small updates all around the place: 2020-08-15 10:38:03 -07:00
fpu Misc fixes and small updates all around the place: 2020-08-15 10:38:03 -07:00
kprobes Merge branch 'perf/vlbr' 2020-07-02 15:51:48 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
alternative.c Misc fixes and small updates all around the place: 2020-08-15 10:38:03 -07:00
amd_gart_64.c docs: fix references for DMA*.txt files 2020-06-26 10:01:32 -06:00
amd_nb.c x86/amd_nb: Add AMD family 17h model 60h PCI IDs 2020-05-22 18:24:40 +02:00
apb_timer.c x86/apb_timer: Drop unused TSC calibration 2020-05-27 13:05:59 +02:00
aperture_64.c x86/gart: Exclude GART aperture from kcore 2019-03-23 12:11:49 +01:00
apm_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00
asm-offsets.c efi/x86: Avoid using code32_start 2020-03-08 09:58:17 +01:00
asm-offsets_32.c x86 entry code updates: 2020-03-30 19:14:28 -07:00
asm-offsets_64.c x86/entry: Remove DBn stacks 2020-06-11 15:15:23 +02:00
audit_64.c x86/audit: Fix a -Wmissing-prototypes warning for ia32_classify_syscall() 2020-05-19 18:03:07 +02:00
bootflag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
check.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
cpuid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 142 2019-05-30 11:25:17 -07:00
crash.c x86/crash: Correct the address boundary of function parameters 2020-08-07 01:32:00 +02:00
crash_core_32.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
crash_core_64.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
crash_dump_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crash_dump_64.c fs/core/vmcore: Move sev_active() reference to x86 arch code 2019-08-09 22:52:10 +10:00
devicetree.c x86/headers: Remove APIC headers from <asm/smp.h> 2020-08-06 16:13:09 +02:00
doublefault_32.c x86/entry: Convert double fault exception to IDTENTRY_DF 2020-06-11 15:15:03 +02:00
dumpstack.c Improve x86 debuggability: print registers with the same log level as the backtrace. 2020-08-03 17:00:00 -07:00
dumpstack_32.c x86/32: Remove CONFIG_DOUBLEFAULT 2020-04-14 14:24:05 +02:00
dumpstack_64.c x86/entry: Remove DBn stacks 2020-06-11 15:15:23 +02:00
e820.c Rebase locking/kcsan to locking/urgent 2020-06-11 20:02:46 +02:00
early-quirks.c x86/gpu: add RKL stolen memory support 2020-05-20 08:35:22 -07:00
early_printk.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
ebda.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
eisa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 243 2019-06-19 17:09:07 +02:00
espfix_64.c mm: introduce include/linux/pgtable.h 2020-06-09 09:39:13 -07:00
ftrace.c x86/ftrace: Do not jump to direct code in created trampolines 2020-06-29 11:42:48 -04:00
ftrace_32.S x86: Change {JMP,CALL}_NOSPEC argument 2020-04-30 20:14:34 +02:00
ftrace_64.S x86/ftrace: Do not jump to direct code in created trampolines 2020-06-29 11:42:48 -04:00
head32.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head64.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
head_32.S x86/xen: remove 32-bit Xen PV guest support 2020-08-11 08:26:48 +02:00
head_64.S x86/entry: Remove the apic/BUILD interrupt leftovers 2020-06-11 15:15:16 +02:00
hpet.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
hw_breakpoint.c x86/entry: Optimize local_db_save() for virt 2020-06-11 15:15:22 +02:00
i8237.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
i8253.c x86/timer: Skip PIT initialization on modern chipsets 2019-06-29 11:35:35 +02:00
i8259.c x86/i8259: Use printk_deferred() to prevent deadlock 2020-07-29 16:27:16 +02:00
idt.c x86/idt: Make idt_descr static 2020-06-20 11:47:35 +02:00
ima_arch.c EFI updates for v5.7: 2020-02-26 15:21:22 +01:00
io_delay.c x86/io_delay: Define IO_DELAY macros in C instead of Kconfig 2019-05-24 08:46:06 +02:00
ioport.c x86/ioperm: Prevent a memory leak when fork fails 2020-05-28 21:36:20 +02:00
irq.c x86/entry: Convert KVM vectors to IDTENTRY_SYSVEC* 2020-06-11 15:15:15 +02:00
irq_32.c x86/irq: Rework handle_irq() for 64-bit 2020-06-11 15:15:12 +02:00
irq_64.c x86/entry/64: Move do_softirq_own_stack() to C 2020-06-11 15:15:07 +02:00
irq_work.c x86/entry: Convert various system vectors 2020-06-11 15:15:14 +02:00
irqflags.S x86/asm: Change all ENTRY+ENDPROC to SYM_FUNC_* 2019-10-18 11:58:33 +02:00
irqinit.c x86/headers: Remove APIC headers from <asm/smp.h> 2020-08-06 16:13:09 +02:00
itmt.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
jailhouse.c locking/seqlock, headers: Untangle the spaghetti monster 2020-08-06 16:13:13 +02:00
jump_label.c x86/jump_label: Move 'inline' keyword placement 2020-03-27 11:05:41 +01:00
kdebugfs.c x86/boot: Introduce setup_indirect 2019-11-12 16:21:15 +01:00
kexec-bzimage64.c x86/efi: Remove references to no-longer-used efi_have_uv1_memmap() 2020-07-17 16:47:47 +02:00
kgdb.c maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault 2020-06-17 10:57:41 -07:00
ksysfs.c x86/boot: Introduce setup_indirect 2019-11-12 16:21:15 +01:00
kvm.c s390: implement diag318 2020-08-06 12:59:31 -07:00
kvmclock.c x86/vdso: Use generic VDSO clock mode storage 2020-02-17 14:40:23 +01:00
ldt.c x86/ldt: use "pr_info_once()" instead of open-coding it badly 2020-07-05 12:50:20 -07:00
machine_kexec_32.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
machine_kexec_64.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
Makefile Rebase locking/kcsan to locking/urgent 2020-06-11 20:02:46 +02:00
mmconf-fam10h_64.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
module.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
mpparse.c A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
msr.c x86/msr: Filter MSR writes 2020-06-25 10:39:02 +02:00
nmi.c x86/entry: Fix NMI vs IRQ state tracking 2020-07-10 12:00:01 +02:00
nmi_selftest.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
paravirt-spinlocks.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
paravirt.c x86/ioperm: Fix io bitmap invalidation on Xen PV 2020-07-18 12:31:49 +02:00
paravirt_patch.c x86/paravirt: Standardize 'insn_buff' variable names 2019-04-29 16:05:49 +02:00
pci-dma.c dma-mapping updates for 5.5-rc1 2019-11-28 11:16:43 -08:00
pci-iommu_table.c x86/iommu: Use NULL instead of 0 2018-08-02 14:33:19 +02:00
pci-swiotlb.c dma-mapping: fix filename references 2019-09-03 08:36:30 +02:00
pcspeaker.c x86/platform/pcspeaker: Use PTR_ERR_OR_ZERO() to fix ptr_ret.cocci warning 2018-07-24 09:46:42 +02:00
perf_regs.c perf/x86/regs: Check reserved bits 2019-06-24 19:19:24 +02:00
platform-quirks.c x86/i8237: Register device based on FADT legacy boot flag 2018-04-27 16:44:29 +02:00
pmem.c resource: Provide resource struct in resource walk callback 2017-11-07 15:35:57 +01:00
probe_roms.c maccess: make get_kernel_nofault() check for minimal type compatibility 2020-06-18 12:10:37 -07:00
process.c Support for FSGSBASE. Almost 5 years after the first RFC to support it, 2020-08-04 21:16:22 -07:00
process.h x86: Use the correct SPDX License Identifier in headers 2019-10-01 20:31:35 +02:00
process_32.c x86/dumpstack: Add log_lvl to __show_regs() 2020-07-22 23:56:53 +02:00
process_64.c x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task 2020-08-14 13:30:18 -07:00
ptrace.c Merge branch 'work.regset' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 09:29:25 -07:00
pvclock.c x86/vdso: Use generic VDSO clock mode storage 2020-02-17 14:40:23 +01:00
quirks.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
reboot.c A set of fixes and updates for x86: 2020-06-11 15:54:31 -07:00
reboot_fixups_32.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
relocate_kernel_32.S x86/asm: Annotate relocate_kernel_{32,64}.c 2019-10-18 09:53:19 +02:00
relocate_kernel_64.S x86/kexec: Make relocate_kernel_64.S objtool clean 2020-03-25 18:28:28 +01:00
resource.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rtc.c x86: Convert x86_platform_ops to timespec64 2018-05-19 14:03:14 +02:00
setup.c efi: Support for MOK variable config table 2020-09-16 18:53:42 +03:00
setup_percpu.c x86/mm: remove vmalloc faulting 2020-06-02 10:59:12 -07:00
signal.c x86/entry: Use generic syscall exit functionality 2020-07-24 15:04:59 +02:00
signal_compat.c signal: Add TRAP_UNK si_code for undiagnosted trap exceptions 2018-04-25 10:40:56 -05:00
smp.c x86/entry: Convert reschedule interrupt to IDTENTRY_SYSVEC_SIMPLE 2020-06-11 15:15:16 +02:00
smpboot.c Misc changes: 2020-08-03 17:08:02 -07:00
stacktrace.c x86/stacktrace: Fix reliable check for empty user task stacks 2020-07-22 23:47:47 +02:00
step.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sys_ia32.c fork: fold legacy_clone_args_valid() into _do_fork() 2020-06-22 14:38:38 +02:00
sys_x86_64.c x86: Remove unneeded includes 2020-03-21 16:03:25 +01:00
sysfb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sysfb_efi.c x86/sysfb_efi: Add quirks for some devices with swapped width and height 2019-07-22 10:47:11 +02:00
sysfb_simplefb.c x86/sysfb: Fix check for bad VRAM size 2020-01-20 10:57:53 +01:00
tboot.c mmap locking API: add MMAP_LOCK_INITIALIZER 2020-06-09 09:39:14 -07:00
time.c A set of fixes and updates for x86: 2020-06-11 15:54:31 -07:00
tls.c x86: switch to ->regset_get() 2020-07-27 14:31:07 -04:00
tls.h x86: switch to ->regset_get() 2020-07-27 14:31:07 -04:00
topology.c x86/headers: Remove APIC headers from <asm/smp.h> 2020-08-06 16:13:09 +02:00
trace_clock.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tracepoint.c x86/entry: Convert reschedule interrupt to IDTENTRY_SYSVEC_SIMPLE 2020-06-11 15:15:16 +02:00
traps.c mm: remove unneeded includes of <asm/pgalloc.h> 2020-08-07 11:33:26 -07:00
tsc.c x86/tsc: Add tsc_early_khz command line parameter 2020-05-21 23:07:00 +02:00
tsc_msr.c Misc fixes and small updates all around the place: 2020-08-15 10:38:03 -07:00
tsc_sync.c x86: Fix a handful of typos 2020-02-16 20:58:06 +01:00
umip.c x86/umip: Make umip_insns static 2020-04-15 11:13:12 +02:00
unwind_frame.c fork-v5.9 2020-08-04 14:47:45 -07:00
unwind_guess.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
unwind_orc.c x86/unwind/orc: Fix ORC for newly forked tasks 2020-07-22 23:47:47 +02:00
uprobes.c x86/apic, x86/uprobes: Correct parameter names in kernel-doc comments 2019-10-27 09:00:28 +01:00
verify_cpu.S x86/asm: Annotate local pseudo-functions 2019-10-18 10:04:04 +02:00
vm86_32.c mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
vmlinux.lds.S x86, vmlinux.lds: Page-align end of ..page_aligned sections 2020-07-22 09:38:37 +02:00
vsmp_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 346 2019-06-05 17:37:08 +02:00
x86_init.c x86/kvm: Handle async page faults directly through do_page_fault() 2020-05-19 15:53:57 +02:00