[UNSTABLE][PATCH 2/2] UBUNTU: SAUCE: integrity: add informational messages when revoking certs

[Krzysztof Kozlowski]

On 17/05/2021 09:18, Dimitri John Ledkov wrote:
> integrity_load_cert() prints messages of the source and cert details
> when adding certs as trusted. Mirror those messages in
> uefi_revocation_list_x509() when adding certs as revoked.
> 
> Sample dmesg with this change:
> 
>     integrity: Platform Keyring initialized
>     integrity: Loading X.509 certificate: UEFI:db
>     integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
>     integrity: Revoking X.509 certificate: UEFI:MokListXRT (MOKvar table)
>     blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
>     integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table)
>     integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63'
> 
> BugLink: https://bugs.launchpad.net/bugs/1928679
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---
>  certs/blacklist.c                                   | 4 +++-
>  security/integrity/platform_certs/keyring_handler.c | 1 +
>  2 files changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/certs/blacklist.c b/certs/blacklist.c
> index c9a435b15af4..6a2afa84a5db 100644
> --- a/certs/blacklist.c
> +++ b/certs/blacklist.c
> @@ -172,7 +172,9 @@ int add_key_to_revocation_list(const char *data, size_t size)
>  	if (IS_ERR(key)) {
>  		pr_err("Problem with revocation key (%ld)\n", PTR_ERR(key));
>  		return PTR_ERR(key);
> -	}
> +	} else
> +		pr_notice("Revoked X.509 cert '%s'\n",
> +			  key_ref_to_ptr(key)->description);

You need {} for this arm. The same for upstream patch.


Best regards,
Krzysztof