From: Bruno Meneguele on
gitlab.com
Merge Request:
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1127
This MR enable specific platform keys to be loaded in the integrity
platform
keyring (`.platform`). In the current state of the kernel the three
arches:
x86_64, aarch64, s390x, ppc, have the ability to pass their platform
(from
UEFI, IPL or PPC secur boot) enrolled keys to the system. With that,
I've
enabled the INTEGRITY_PLATFORM_KEYRING to the four platforms in both
RHEL
and Fedora and also their respective LOAD_*_KEYS.
With that, we are closer to upstream and also allow all platforms to
evolve
equaly during the next RHEL major release with Fedora users feedback.
56eef9231260 (Bruno Meneguele)
redhat: load specific ARCH keys to INTEGRITY_PLATFORM_KEYRING
66ed9a2826ba (Bruno Meneguele)
redhat: enable INTEGRITY_TRUSTED_KEYRING across all variants
b66b54c92054 (Bruno Meneguele)
redhat: enable SYSTEM_BLACKLIST_KEYRING across all variants
9a75ca99c03e (Bruno Meneguele)
redhat: enable INTEGRITY_ASYMMETRIC_KEYS across all variants