diff options
| author | Simon J. Gerraty <sjg@FreeBSD.org> | 2019-06-26 23:33:32 +0000 |
|---|---|---|
| committer | Simon J. Gerraty <sjg@FreeBSD.org> | 2019-06-26 23:33:32 +0000 |
| commit | f9510887eeb5ad2eab96b48c41631886f8f33ad6 (patch) | |
| tree | b718b14ac9447df1e131cb6e7ab9030ca1d04fbc /lib/libsecureboot/libsecureboot-priv.h | |
| parent | 84322e3ee3b5ce7ad02a5939ac9dcc31c2b04190 (diff) | |
| download | src-f9510887eeb5ad2eab96b48c41631886f8f33ad6.tar.gz src-f9510887eeb5ad2eab96b48c41631886f8f33ad6.zip | |
libsecureboot: allow OpenPGP support to be dormant
Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.
Ensure we do not add duplicate keys to trust store.
Also allow reporting names of trust anchors added/revoked
We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.
Reviewed by: stevek
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20700
Notes
Notes:
svn path=/head/; revision=349446
Diffstat (limited to 'lib/libsecureboot/libsecureboot-priv.h')
| -rw-r--r-- | lib/libsecureboot/libsecureboot-priv.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/libsecureboot/libsecureboot-priv.h b/lib/libsecureboot/libsecureboot-priv.h index c6a90d2c7404..bdf0c5c0c9bb 100644 --- a/lib/libsecureboot/libsecureboot-priv.h +++ b/lib/libsecureboot/libsecureboot-priv.h @@ -56,6 +56,8 @@ int is_verified(struct stat *stp); void add_verify_status(struct stat *stp, int status); int openpgp_trust_init(void); +int openpgp_trust_add_buf(unsigned char *, size_t); +int openpgp_trust_revoke(const char *); int openpgp_self_tests(void); int efi_secure_boot_enabled(void); |