Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
dracut.15536
0554-98integrity-support-X.509-only-EVM-configu...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0554-98integrity-support-X.509-only-EVM-configuration.patch of Package dracut.15536
From 16d52f692c2add82f54f712a7fc60885536dc39a Mon Sep 17 00:00:00 2001 From: Matthias Gerstner <matthias.gerstner@suse.de> Date: Wed, 24 Jan 2018 17:19:03 +0100 Subject: [PATCH 2/2] 98integrity: support X.509-only EVM configuration Previously if no symmetric key was configured for EVM, then the initialization process was aborted. It can be a valid use case, however, to only use EVM digital signatures. In this case only X.509 certificates need to be loaded. With this change EVM initialization will continue if any of the symmetric or X.509 keys could be loaded. --- modules.d/98integrity/evm-enable.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/modules.d/98integrity/evm-enable.sh b/modules.d/98integrity/evm-enable.sh index a3ba59fd..5a92b598 100755 --- a/modules.d/98integrity/evm-enable.sh +++ b/modules.d/98integrity/evm-enable.sh @@ -125,11 +125,18 @@ enable_evm() return 0 fi - # load the EVM encrypted key - load_evm_key || return 1 + local evm_configured + + # try to load the EVM encrypted key + load_evm_key && evm_configured=1 + + # try to load the EVM public key + load_evm_x509 && evm_configured=1 - # load the EVM public key, if it exists - load_evm_x509 + # only enable EVM if a key or x509 certificate could be loaded + if [ -z "$evm_configured" ]; then + return 1 + fi # initialize EVM info "Enabling EVM" -- 2.13.6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor