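// SPDX-License-Identifier: GPL-2.0+
/*
 * Platform keyring for firmware/platform keys
 *
 * Copyright IBM Corporation, 2018
 * Author(s): Nayna Jain <nayna@linux.ibm.com>
 */

#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
#include "../integrity.h"

/**
 * add_to_platform_keyring - Add to platform keyring without validation.
 * @source: Source of key
 * @data: The blob holding the key
 * @len: The length of the data blob
 *
 * Add a key to the platform keyring without checking its trust chain. This
 * is available only during kernel initialisation.
 *
 * This function performs no check of its own on @data before handing it to
 * integrity_load_cert(), so whatever the caller passes in is what gets
 * offered to the keyring. Callers are expected to pass only blobs obtained
 * from the platform/firmware key store.
 *
 * Nothing is returned: a failed load is logged together with the error code
 * and boot continues without that key.
 */
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len)
{
	/*
	 * Possessor gets every permission except SETATTR, and user gets VIEW
	 * only. Leaving SETATTR out means the possessor cannot later change
	 * the key's ownership or permission mask.
	 */
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
	int rc;

	rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
				 perm);
	/*
	 * Report the error code as well as the source, so that a missing
	 * platform key can be traced from the boot log. The message prefix is
	 * unchanged so existing log matching still works.
	 */
	if (rc)
		pr_info("Error adding keys to platform keyring %s (rc=%d)\n",
			source, rc);
}

/*
 * Create the platform keyring.
 *
 * Returns 0 on success, or the non-zero value returned by
 * integrity_init_keyring() on failure. The success notice is only printed
 * once the keyring exists.
 */
static __init int platform_keyring_init(void)
{
	int rc;

	rc = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);
	if (rc)
		return rc;

	pr_notice("Platform Keyring initialized\n");
	return 0;
}

/*
 * Must be initialised before we try and load the keys into the keyring.
 */
device_initcall(platform_keyring_init);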