19641b8ccSMartin Schwidefsky // SPDX-License-Identifier: GPL-2.0 29641b8ccSMartin Schwidefsky 39641b8ccSMartin Schwidefsky #include <linux/kernel.h> 49641b8ccSMartin Schwidefsky #include <linux/sched.h> 59641b8ccSMartin Schwidefsky #include <linux/cred.h> 69641b8ccSMartin Schwidefsky #include <linux/err.h> 79641b8ccSMartin Schwidefsky #include <linux/efi.h> 89641b8ccSMartin Schwidefsky #include <linux/slab.h> 99641b8ccSMartin Schwidefsky #include <keys/asymmetric-type.h> 109641b8ccSMartin Schwidefsky #include <keys/system_keyring.h> 119641b8ccSMartin Schwidefsky #include <asm/boot_data.h> 129641b8ccSMartin Schwidefsky #include "../integrity.h" 139641b8ccSMartin Schwidefsky 149641b8ccSMartin Schwidefsky /* 159641b8ccSMartin Schwidefsky * Load the certs contained in the IPL report created by the machine loader 169641b8ccSMartin Schwidefsky * into the platform trusted keyring. 179641b8ccSMartin Schwidefsky */ load_ipl_certs(void)189641b8ccSMartin Schwidefskystatic int __init load_ipl_certs(void) 199641b8ccSMartin Schwidefsky { 209641b8ccSMartin Schwidefsky void *ptr, *end; 219641b8ccSMartin Schwidefsky unsigned int len; 229641b8ccSMartin Schwidefsky 239641b8ccSMartin Schwidefsky if (!ipl_cert_list_addr) 249641b8ccSMartin Schwidefsky return 0; 25*979fe44aSAlexander Gordeev /* Copy the certificates to the platform keyring */ 26*979fe44aSAlexander Gordeev ptr = __va(ipl_cert_list_addr); 279641b8ccSMartin Schwidefsky end = ptr + ipl_cert_list_size; 289641b8ccSMartin Schwidefsky while ((void *) ptr < end) { 299641b8ccSMartin Schwidefsky len = *(unsigned int *) ptr; 309641b8ccSMartin Schwidefsky ptr += sizeof(unsigned int); 319641b8ccSMartin Schwidefsky add_to_platform_keyring("IPL:db", ptr, len); 329641b8ccSMartin Schwidefsky ptr += len; 339641b8ccSMartin Schwidefsky } 349641b8ccSMartin Schwidefsky return 0; 359641b8ccSMartin Schwidefsky } 369641b8ccSMartin Schwidefsky late_initcall(load_ipl_certs); 37