Adding debian version 6.1.76-1.debian/6.1.76-1 debian

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 18:49:59 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 18:49:59 +0000
commit: 01997497f915e8f79871f3f2acb55ac465051d24 (patch)
tree: 1ce1afd7246e1014199e15cbf854bf7924458e5d /debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch
parent: Adding upstream version 6.1.76. (diff)
download: linux-debian.tar.xz
linux-debian.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch b/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch
new file mode 100644
index 000000000..7c32a018f
--- /dev/null
+++ b/debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch
@@ -0,0 +1,16 @@
+Author: Luca Boccassi <bluca@debian.org>
+Description: trust machine keyring (MoK) by default
+ Debian always trusted keys in MoK by default. Upstream made it conditional on
+ a new EFI variable being set. To keep backward compatibility skip this check.
+--- a/security/integrity/platform_certs/machine_keyring.c
++++ b/security/integrity/platform_certs/machine_keyring.c
+@@ -69,8 +69,7 @@
+ 	if (!initialized) {
+ 		initialized = true;
+ 
+-		if (uefi_check_trust_mok_keys())
+-			trust_mok = true;
++		trust_mok = true;
+ 	}
+ 
+ 	return trust_mok;
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 18:49:59 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 18:49:59 +0000
commit	01997497f915e8f79871f3f2acb55ac465051d24 (patch)
tree	1ce1afd7246e1014199e15cbf854bf7924458e5d /debian/patches/features/all/db-mok-keyring/trust-machine-keyring-by-default.patch
parent	Adding upstream version 6.1.76. (diff)
download	linux-debian.tar.xz linux-debian.zip