platform_keyring.c (1364B)
// SPDX-License-Identifier: GPL-2.0+
/*
 * Platform keyring for firmware/platform keys
 *
 * Copyright IBM Corporation, 2018
 * Author(s): Nayna Jain <nayna@linux.ibm.com>
 */

#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
#include "../integrity.h"

/**
 * add_to_platform_keyring - Load a key blob into the platform keyring as-is.
 * @source: Label for the origin of the key; passed to integrity_load_cert()
 *          and echoed in the failure message
 * @data: The blob holding the key
 * @len: The length of the data blob
 *
 * The key is added without checking its trust chain, so nothing in this
 * function vouches for the blob: the caller is the only gate on what ends up
 * in the platform keyring. The function is __init, so it is available only
 * during kernel initialisation.
 *
 * The key is created with every possessor permission except SETATTR, plus
 * VIEW for the owning user.
 *
 * NOTE(review): there is no return value. A failed load is reported only by
 * an info-level message that omits the error code, so callers cannot tell
 * whether the key was actually added.
 */
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len)
{
	/* Possessor may do everything but change attributes; user may view. */
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;

	if (integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
				perm))
		pr_info("Error adding keys to platform keyring %s\n", source);
}

/*
 * Create the platform keyring.
 *
 * Returns 0 on success, otherwise the non-zero value returned by
 * integrity_init_keyring(). The notice is logged only on success.
 */
static __init int platform_keyring_init(void)
{
	int err = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);

	if (!err)
		pr_notice("Platform Keyring initialized\n");

	return err;
}

/*
 * The keyring must exist before any attempt to load keys into it, so it is
 * set up from a device initcall.
 */
device_initcall(platform_keyring_init);