GitHub Repository: torvalds/linux
Path: blob/master/security/integrity/platform_certs/platform_keyring.c
// SPDX-License-Identifier: GPL-2.0+
/*
* Platform keyring for firmware/platform keys
*
* Copyright IBM Corporation, 2018
* Author(s): Nayna Jain <[email protected]>
*/
#include <linux/export.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/slab.h>
#include "../integrity.h"
/**
 * add_to_platform_keyring - Load one key blob into the platform keyring.
 * @source: Source of key; passed to integrity_load_cert() and printed if
 *          the load fails
 * @data: The blob holding the key
 * @len: The length of the data blob
 *
 * The key is added without checking its trust chain, so callers must only
 * hand in material that the platform itself vouches for. The function is
 * marked __init and is therefore available only during kernel
 * initialisation.
 *
 * A non-zero result from integrity_load_cert() is reported with pr_info()
 * and is not returned: the caller cannot tell that a load failed, and the
 * error code itself is not logged.
 */
void __init add_to_platform_keyring(const char *source, const void *data,
				    size_t len)
{
	/*
	 * Possessor gets every permission except SETATTR; user gets VIEW
	 * only. No other permission bits are granted here.
	 */
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW;
	int err;

	err = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data,
				  len, perm);
	if (err != 0)
		pr_info("Error adding keys to platform keyring %s\n", source);
}
/*
 * platform_keyring_init - create the platform keyring.
 *
 * Returns 0 once the keyring exists, otherwise the non-zero value handed
 * back by integrity_init_keyring(). The notice below is printed only on
 * success, so its absence from the boot log means the keyring was not set up.
 */
static __init int platform_keyring_init(void)
{
	int err = integrity_init_keyring(INTEGRITY_KEYRING_PLATFORM);

	if (err != 0)
		return err;

	pr_notice("Platform Keyring initialized\n");
	return 0;
}
/*
* Must be initialised before we try to load the keys into the keyring.
*/
/*
 * Registered at device_initcall level. Code that calls
 * add_to_platform_keyring() has to run after this point -- TODO confirm the
 * initcall level of each loader.
 */
device_initcall(platform_keyring_init);