From: tpearson@raptorengineering.com <tpearson@raptorengineering.com>
Date: Thu, 18 Aug 2016 09:45:47 +0000 (-0500)
Subject: Add support for GPG signature enforcement on booted
X-Git-Tag: v1.3.0~12
X-Git-Url: http://git.ozlabs.org/?p=petitboot;a=commitdiff_plain;h=86c9d34380b0074dab1ba89a569a94280d6999c4;hp=86c9d34380b0074dab1ba89a569a94280d6999c4

Add support for GPG signature enforcement on booted

kernels and related blobs

This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
---