// SPDX-License-Identifier: GPL-2.0
/*
 * Machine keyring routines.
 *
 * Copyright (c) 2021, Oracle and/or its affiliates.
 */

#include "../integrity.h"

/**
 * machine_keyring_init() - create the machine keyring at boot.
 *
 * Asks the integrity subsystem to set up INTEGRITY_KEYRING_MACHINE and
 * announces success in the kernel log. Registered as a device_initcall.
 *
 * Return: 0 on success, otherwise the non-zero code reported by
 * integrity_init_keyring().
 */
static __init int machine_keyring_init(void)
{
	int rc = integrity_init_keyring(INTEGRITY_KEYRING_MACHINE);

	if (!rc)
		pr_notice("Machine keyring initialized\n");

	return rc;
}
device_initcall(machine_keyring_init);

/**
 * add_to_machine_keyring() - load a certificate into the machine keyring.
 * @source: identifier handed to integrity_load_cert() and printed when the
 *          load fails (presumably names where the key came from).
 * @data:   buffer passed to integrity_load_cert().
 * @len:    length of @data in bytes.
 *
 * The key is created with every possessor permission except setattr, plus
 * view permission for the user class. Nothing is returned: a failure is only
 * reported in the kernel log, so callers cannot tell whether the key was
 * accepted, nor which keyring it ended up in.
 */
void __init add_to_machine_keyring(const char *source, const void *data, size_t len)
{
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
	int rc;

	rc = integrity_load_cert(INTEGRITY_KEYRING_MACHINE, source, data, len, perm);
	if (!rc)
		return;

	/*
	 * Some MOKList keys may not pass the machine keyring restrictions.
	 * When that happens and the platform keyring is configured, the key
	 * is offered to the platform keyring instead.
	 *
	 * NOTE(review): the fallback runs on any non-zero rc, not only on a
	 * restriction rejection, and the key then lives in a different
	 * keyring than the caller asked for - confirm that is intended.
	 */
	if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
		rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source,
					 data, len, perm);
		if (!rc)
			return;
	}

	/* Reached only when every attempted load failed; rc is not logged. */
	pr_info("Error adding keys to machine keyring %s\n", source);
}