Hello,

Let's make another attempt to fix this.

Last time I submitted a patch there was one major problem with it (apart from less critical ones): if we rely on the PGP signature and allow the shim check to be skipped in favour of PGP verification, it is possible to enable PGP in an unsigned config and circumvent the shim signature check.

We can put a stronger requirement on when a PGP signature is trustworthy for kernel verification. A special "tainted" flag can be introduced, which initially has the state "not tainted" and is set to "tainted" when the PGP module trusts a key without verification (due to the --skip-sig option of the "trust" command, or because enforce mode was not enabled prior to trusting the key). This flag can be local to the PGP module, so we can query it when we need to know its state.

What do you think? Does this approach look sound to you?

--
Best Regards,
Vladislav Yarmak


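As an added illustration of the taint rule proposed in the message above (not GRUB code and not part of the patch), the model below tracks a module-local "tainted" flag and lets PGP verification stand in for the shim check only while the flag is clear; the struct and function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical module-local state; field names are assumed for this example. */
struct pgp_state {
    bool enforce;      /* whether enforce mode was active before trusting keys */
    bool tainted;      /* set once any key was trusted without verification */
    int  trusted_keys; /* number of keys currently in the trusted keyring */
};

/* Models the "trust" command; skip_sig mirrors the --skip-sig option.
 * A key trusted while enforce mode is off, or with verification skipped,
 * taints the module for the rest of the boot. */
static void pgp_trust_key(struct pgp_state *s, bool skip_sig)
{
    if (skip_sig || !s->enforce)
        s->tainted = true;
    s->trusted_keys++;
}

static bool pgp_is_tainted(const struct pgp_state *s)
{
    return s->tainted;
}

/* Policy: PGP verification may replace the shim check only when a key is
 * trusted, the kernel signature verified, and the module is untainted. */
static bool pgp_may_replace_shim_check(const struct pgp_state *s, bool sig_ok)
{
    return sig_ok && s->trusted_keys > 0 && !pgp_is_tainted(s);
}

int main(void)
{
    struct pgp_state a = { .enforce = true };   /* key trusted under enforce */
    struct pgp_state b = { .enforce = false };  /* key trusted from unsigned config */
    pgp_trust_key(&a, false);
    pgp_trust_key(&b, false);
    printf("enforce, verified key: shim check replaceable = %d\n",
           pgp_may_replace_shim_check(&a, true));
    printf("no enforce, same key:  shim check replaceable = %d\n",
           pgp_may_replace_shim_check(&b, true));
    return 0;
}
```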