Enforce Machine Keyring CA Restrictions
configname: CONFIG_INTEGRITY_CA_MACHINE_KEYRING
Linux Kernel Configuration
└─>Security options
└─>Enforce Machine Keyring CA Restrictions
In Linux kernel since version 4.14.326 (release date: 2023-09-23)
The .machine keyring can be configured to enforce CA restriction
on any key added to it. By default no restrictions are in place
and all Machine Owner Keys (MOK) are added to the machine keyring.
If enabled, only CA keys are added to the machine keyring; all
other MOK keys load into the platform keyring.