summaryrefslogtreecommitdiff
path: root/security/integrity/platform_certs/load_uefi.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/platform_certs/load_uefi.c')
-rw-r--r--security/integrity/platform_certs/load_uefi.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index f290f78c3f30..08b6d12f99b4 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -6,6 +6,7 @@
#include <linux/err.h>
#include <linux/efi.h>
#include <linux/slab.h>
+#include <linux/ima.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
#include "../integrity.h"
@@ -176,6 +177,10 @@ static int __init load_uefi_certs(void)
kfree(dbx);
}
+ /* the MOK/MOKx can not be trusted when secure boot is disabled */
+ if (!arch_ima_get_secureboot())
+ return 0;
+
mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status);
if (!mokx) {
if (status == EFI_NOT_FOUND)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-26 11:45:26 +0000