root/security/integrity/platform_certs/platform_keyring.c

DEFINITIONS

1. add_to_platform_keyring
2. platform_keyring_init

   1 // SPDX-License-Identifier: GPL-2.0+
   2 /*
   3  * Platform keyring for firmware/platform keys
   4  *
   5  * Copyright IBM Corporation, 2018
   6  * Author(s): Nayna Jain <nayna@linux.ibm.com>
   7  */
   8 
   9 #include <linux/export.h>
  10 #include <linux/kernel.h>
  11 #include <linux/sched.h>
  12 #include <linux/cred.h>
  13 #include <linux/err.h>
  14 #include <linux/slab.h>
  15 #include "../integrity.h"
  16 
  17 /**
  18  * add_to_platform_keyring - Add to platform keyring without validation.
  19  * @source: Source of key
  20  * @data: The blob holding the key
  21  * @len: The length of the data blob
  22  *
  23  * Add a key to the platform keyring without checking its trust chain.  This
  24  * is available only during kernel initialisation.
  25  */
  26 void __init add_to_platform_keyring(const char *source, const void *data,
  27                                     size_t len)
  28 {
  29         key_perm_t perm;
  30         int rc;
  31 
  32         perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
  33 
  34         rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
  35                                  perm);
  36         if (rc)
  37                 pr_info("Error adding keys to platform keyring %s\n", source);
  38 }
  39 
  40 /*
  41  * Create the trusted keyrings.
  42  */
  43 static __init int platform_keyring_init(void)
  44 {
  45         int rc;
  46 
  47         rc = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);
  48         if (rc)
  49                 return rc;
  50 
  51         pr_notice("Platform Keyring initialized\n");
  52         return 0;
  53 }
  54 
  55 /*
  56  * Must be initialised before we try and load the keys into the keyring.
  57  */
  58 device_initcall(platform_keyring_init);