integrity/platform_certs/platform_keyring.c

0001 // SPDX-License-Identifier: GPL-2.0+
0002 /*
0003  * Platform keyring for firmware/platform keys
0004  *
0005  * Copyright IBM Corporation, 2018
0006  * Author(s): Nayna Jain <nayna@linux.ibm.com>
0007  */
0008
0009 #include <linux/export.h>
0010 #include <linux/kernel.h>
0011 #include <linux/sched.h>
0012 #include <linux/cred.h>
0013 #include <linux/err.h>
0014 #include <linux/slab.h>
0015 #include "../integrity.h"
0016
0017 /**
0018  * add_to_platform_keyring - Add to platform keyring without validation.
0019  * @source: Source of key
0020  * @data: The blob holding the key
0021  * @len: The length of the data blob
0022  *
0023  * Add a key to the platform keyring without checking its trust chain.  This
0024  * is available only during kernel initialisation.
0025  */
0026 void __init add_to_platform_keyring(const char *source, const void *data,
0027                     size_t len)
0028 {
0029     key_perm_t perm;
0030     int rc;
0031
0032     perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
0033
0034     rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
0035                  perm);
0036     if (rc)
0037         pr_info("Error adding keys to platform keyring %s\n", source);
0038 }
0039
0040 /*
0041  * Create the trusted keyrings.
0042  */
0043 static __init int platform_keyring_init(void)
0044 {
0045     int rc;
0046
0047     rc = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);
0048     if (rc)
0049         return rc;
0050
0051     pr_notice("Platform Keyring initialized\n");
0052     return 0;
0053 }
0054
0055 /*
0056  * Must be initialised before we try and load the keys into the keyring.
0057  */
0058 device_initcall(platform_keyring_init);