summaryrefslogtreecommitdiffstats
path: root/lib/security/gpg.c
Commit message (Collapse)AuthorAgeFilesLines
* Add encrypted file supporttpearson@raptorengineering.com2016-08-261-28/+264
| | | | | | | | | | | | In certain cases, such as network booting over an untrusted connection, it may be useful to fully encrypt and sign the kernel files. Enable fully encrypted boot using builtin keyring via the addition of the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file. This disables detached (plaintext) signature verification. Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* Add support for GPG signature enforcement on bootedtpearson@raptorengineering.com2016-08-261-0/+337
kernels and related blobs This can be used to implement a form of organization-controlled secure boot, whereby kernels may be loaded from a variety of sources but they will only boot if a valid signature file is found for each component, and only if the signature is listed in the /etc/pb-lockdown file. Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> (Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
OpenPOWER on IntegriCloud