1 | // SPDX-License-Identifier: GPL-2.0+ |
---|---|
2 | /* |
3 | * Platform keyring for firmware/platform keys |
4 | * |
5 | * Copyright IBM Corporation, 2018 |
6 | * Author(s): Nayna Jain <nayna@linux.ibm.com> |
7 | */ |
8 | |
9 | #include <linux/export.h> |
10 | #include <linux/kernel.h> |
11 | #include <linux/sched.h> |
12 | #include <linux/cred.h> |
13 | #include <linux/err.h> |
14 | #include <linux/slab.h> |
15 | #include "../integrity.h" |
16 | |
/**
 * add_to_platform_keyring - Load one key blob into the platform keyring.
 * @source: Label for the origin of the key; passed on to
 *          integrity_load_cert() and printed if the load fails
 * @data: Pointer to the blob holding the key
 * @len: Size of the @data blob
 *
 * The key is added without checking its trust chain, so every blob handed to
 * this function is taken at face value. Callers are responsible for passing
 * only keys that really come from the firmware/platform. The function is
 * __init and therefore available only during kernel initialisation.
 *
 * Nothing is returned: a failed load is reported through pr_info() only, so
 * the caller cannot tell whether the key ended up on the keyring.
 */
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len)
{
	/* Possessor: every permission except SETATTR; user: VIEW only. */
	const key_perm_t perm =
		(KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;

	if (integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
				perm) != 0)
		pr_info("Error adding keys to platform keyring %s\n", source);
}
39 | |
/*
 * Set up the platform keyring through integrity_init_keyring().
 *
 * Returns 0 on success, otherwise the non-zero value reported by
 * integrity_init_keyring(). The notice is printed only on success.
 */
static __init int platform_keyring_init(void)
{
	const int err = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);

	if (!err)
		pr_notice("Platform Keyring initialized\n");

	return err;
}
54 | |
/*
 * Register platform_keyring_init() at the device_initcall level. The keyring
 * must be initialised before any attempt to load keys into it, so code that
 * calls add_to_platform_keyring() has to run after this initcall.
 * NOTE(review): confirm that every key loader runs at a later initcall level.
 */
device_initcall(platform_keyring_init);
59 |