HomeFreeBSD

libsecureboot: allow OpenPGP support to be dormant

Description

libsecureboot: allow OpenPGP support to be dormant

Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.

Ensure we do not add duplicate keys to trust store.

Also allow reporting names of trust anchors added/revoked

We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.

Reviewed by: stevek
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20700

Details

Committed
sjgJun 26 2019, 11:33 PM
Reviewer
stevek
Differential Revision
D20700: libsecureboot: allow OpenPGP support to be dormant
Parents
rS349445: fusefs: tighten expectations in mmap tests
Branches
Unknown
Tags
Unknown