| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|---|
| 2 | |
| 3 | #include <linux/kernel.h> |
| 4 | #include <linux/sched.h> |
| 5 | #include <linux/cred.h> |
| 6 | #include <linux/err.h> |
| 7 | #include <linux/efi.h> |
| 8 | #include <linux/slab.h> |
| 9 | #include <keys/asymmetric-type.h> |
| 10 | #include <keys/system_keyring.h> |
| 11 | #include <asm/boot_data.h> |
| 12 | #include "../integrity.h" |
| 13 | |
| 14 | /* |
| 15 | * Load the certs contained in the IPL report created by the machine loader |
| 16 | * into the platform trusted keyring. |
| 17 | */ |
| 18 | static int __init load_ipl_certs(void) |
| 19 | { |
| 20 | void *ptr, *end; |
| 21 | unsigned int len; |
| 22 | |
| 23 | if (!ipl_cert_list_addr) |
| 24 | return 0; |
| 25 | /* Copy the certificates to the platform keyring */ |
| 26 | ptr = __va(ipl_cert_list_addr); |
| 27 | end = ptr + ipl_cert_list_size; |
| 28 | while ((void *) ptr < end) { |
| 29 | len = *(unsigned int *) ptr; |
| 30 | ptr += sizeof(unsigned int); |
| 31 | add_to_platform_keyring(source: "IPL:db", data: ptr, len); |
| 32 | ptr += len; |
| 33 | } |
| 34 | return 0; |
| 35 | } |
| 36 | late_initcall(load_ipl_certs); |
| 37 |