// SPDX-License-Identifier: GPL-2.0+
/*
 * Platform keyring for firmware/platform keys
 *
 * Copyright IBM Corporation, 2018
 * Author(s): Nayna Jain <nayna@linux.ibm.com>
 */

#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
#include "../integrity.h"

/*
 * ACL handed to integrity_load_cert() for every key added to the platform
 * keyring.  It lists exactly two entries: the possessor may search and read,
 * the owner may only view.  Nothing else is granted by this ACL.
 *
 * The object is static and starts with a reference count of one.
 */
static struct key_acl platform_key_acl = {
	.usage	= REFCOUNT_INIT(1),
	.nr_ace	= 2,
	.aces = {
		KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_READ),
		KEY_OWNER_ACE(KEY_ACE_VIEW),
	}
};

/**
 * add_to_platform_keyring - Add to platform keyring without validation.
 * @source: Source of key
 * @data: The blob holding the key
 * @len: The length of the data blob
 *
 * Load the certificate in @data into the platform keyring.  The trust chain
 * of the key is not checked, so whatever blob the caller supplies is what
 * ends up trusted.  The function is __init and therefore only usable during
 * kernel initialisation.
 *
 * Nothing is returned: a failed load is reported only through a single
 * info-level log line naming @source, and the error code itself is dropped.
 */
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len)
{
	int err = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source,
				      data, len, &platform_key_acl);

	if (!err)
		return;

	pr_info("Error adding keys to platform keyring %s\n", source);
}

/*
 * Set up the platform keyring through integrity_init_keyring().
 *
 * Returns 0 on success (after logging a notice), otherwise the error code
 * from integrity_init_keyring() unchanged.
 */
static __init int platform_keyring_init(void)
{
	int err = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);

	if (!err)
		pr_notice("Platform Keyring initialized\n");

	return err;
}

/*
 * The keyring has to exist before any attempt to load keys into it, so
 * register its setup as a device initcall.
 */
device_initcall(platform_keyring_init);