From 86c9d34380b0074dab1ba89a569a94280d6999c4 Mon Sep 17 00:00:00 2001
From: "tpearson@raptorengineering.com" <tpearson@raptorengineering.com>
Date: Thu, 18 Aug 2016 04:45:47 -0500
Subject: Add support for GPG signature enforcement on booted

kernels and related blobs

This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
---
 discover/Makefile.am | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'discover/Makefile.am')

diff --git a/discover/Makefile.am b/discover/Makefile.am
index 899c9a6..4a6cbd0 100644
--- a/discover/Makefile.am
+++ b/discover/Makefile.am
@@ -58,7 +58,8 @@ discover_pb_discover_LDADD = \
 	discover/grub2/grub2-parser.ro \
 	discover/platform.ro \
 	$(core_lib) \
-	$(UDEV_LIBS)
+	$(UDEV_LIBS) \
+	$(GPGME_LIBS)
 
 discover_pb_discover_LDFLAGS = \
 	$(AM_LDFLAGS) \
-- 
cgit v1.2.1