Hi David,
New keys can be added to the keyring by signing them with existing ones, and
existing ones come from UEFI or are compiled into the kernel. With this patch,
we can add the "compiled in" ones without recompiling the kernel. The scenario
is, a key is inserted into a stock kernel and the
On Tue, 2015-11-24 at 16:18 -0500, Mehmet Kayaalp wrote:
> Place a system_extra_cert buffer of configurable size, right after the
> system_certificate_list, so that inserted keys can be readily processed by
> the existing mechanism. Added script takes a key file and a kernel image
> and inserts
Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size