Hi David,
New keys can be added to the keyring by signing them with existing ones, and
existing ones come from UEFI or are compiled into the kernel. With this patch,
we can add the "compiled in" ones without recompiling the kernel. The scenario
is, a key is inserted into a stock kernel and the r
Mehmet Kayaalp wrote:
> Place a system_extra_cert buffer of configurable size, right after the
> system_certificate_list, so that inserted keys can be readily processed by
> the existing mechanism.
Do you have a particular use case for this?
David
--
To unsubscribe from this list: send the line
On Tue, 2015-11-24 at 16:18 -0500, Mehmet Kayaalp wrote:
> Place a system_extra_cert buffer of configurable size, right after the
> system_certificate_list, so that inserted keys can be readily processed by
> the existing mechanism. Added script takes a key file and a kernel image
> and inserts its
Place a system_extra_cert buffer of configurable size, right after the
system_certificate_list, so that inserted keys can be readily processed by
the existing mechanism. Added script takes a key file and a kernel image
and inserts its contents to the reserved area. The
system_certificate_list_size