| author | Kairui Song <[email protected]> | 2019-01-21 17:59:28 +0800 |
|---|---|---|
| committer | Mimi Zohar <[email protected]> | 2019-02-04 17:29:19 -0500 |
| commit | 219a3e8676f3132d27b530c7d2d6bcab89536b57 (patch) | |
| tree | a79baecc80144b604d059a6828057210c7a06b9e /certs | |
| parent | 2181e084b26bddca22bc3f23364c15809cfed28b (diff) | |
integrity, KEYS: add a reference to platform keyring

commit 9dc92c45177a ("integrity: Define a trusted platform keyring")
introduced a .platform keyring for storing preboot keys, used for
verifying kernel image signatures. Currently only IMA-appraisal is able
to use the keyring to verify kernel images that have their signature
stored in xattr.

This patch exposes the .platform keyring, making it accessible for
verifying PE signed kernel images as well.

Suggested-by: Mimi Zohar <[email protected]>
Signed-off-by: Kairui Song <[email protected]>
Cc: David Howells <[email protected]>
[[email protected]: fixed checkpatch errors, squashed with patch fix]
Signed-off-by: Mimi Zohar <[email protected]>
Diffstat (limited to 'certs')
| -rw-r--r-- | certs/system_keyring.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 81728717523d..da055e901df4 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -24,6 +24,9 @@ static struct key *builtin_trusted_keys; #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING static struct key *secondary_trusted_keys; #endif +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING +static struct key *platform_trusted_keys; +#endif extern __initconst const u8 system_certificate_list[]; extern __initconst const unsigned long system_certificate_list_size; @@ -266,3 +269,10 @@ error: EXPORT_SYMBOL_GPL(verify_pkcs7_signature); #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ + +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING +void __init set_platform_trusted_keys(struct key *keyring) +{ + platform_trusted_keys = keyring; +} +#endif |
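Review bot: platform_trusted_keys, declared under CONFIG_INTEGRITY_PLATFORM_KEYRING in the first hunk (@@ -24,6 +24,9), is never read in the lines shown here; its only access is the assignment in set_platform_trusted_keys(). Within this file the pointer is write-only, so the commit message's "making it accessible for verifying PE signed kernel images" is not yet visible in the code. Either add the reader in verify_pkcs7_signature() in the same patch, or put a one-line comment on the declaration naming the follow-up change that consumes it, so the static is not left unexplained.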
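Review bot: set_platform_trusted_keys() in the second hunk (@@ -266,3 +269,10) stores the caller's pointer as-is and has no comment describing the contract: who calls it, whether the keyring must stay valid for the life of the system, and whether a NULL argument or a second call that replaces the pointer is allowed. A short kernel-doc comment above the function stating those expectations would help, since this pointer is meant to become a trust anchor for signature verification. Two smaller points: the closing `#endif` could carry `/* CONFIG_INTEGRITY_PLATFORM_KEYRING */` to match the `#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */` directly above it, and the prototype is not part of this view (diffstat limited to 'certs'), so it is worth confirming that the header also provides a stub for builds without the option.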
