f2c60e
From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
f2c60e
From: David Howells <dhowells@redhat.com>
f2c60e
Date: Fri, 5 May 2017 08:21:56 +0100
f2c60e
Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
f2c60e
 secondary keyring
f2c60e
f2c60e
Allow keys to be added to the system secondary certificates keyring during
f2c60e
kernel initialisation in an unrestricted fashion.  Such keys are implicitly
f2c60e
trusted and don't have their trust chains checked on link.
f2c60e
f2c60e
This allows keys in the UEFI database to be added in secure boot mode for
f2c60e
the purposes of module signing.
f2c60e
f2c60e
Signed-off-by: David Howells <dhowells@redhat.com>
f2c60e
---
f2c60e
 certs/internal.h       | 18 ++++++++++++++++++
f2c60e
 certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
f2c60e
 2 files changed, 51 insertions(+)
f2c60e
 create mode 100644 certs/internal.h
f2c60e
f2c60e
diff --git a/certs/internal.h b/certs/internal.h
f2c60e
new file mode 100644
f2c60e
index 0000000..5dcbefb
f2c60e
--- /dev/null
f2c60e
+++ b/certs/internal.h
f2c60e
@@ -0,0 +1,18 @@
f2c60e
+/* Internal definitions
f2c60e
+ *
f2c60e
+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
f2c60e
+ * Written by David Howells (dhowells@redhat.com)
f2c60e
+ *
f2c60e
+ * This program is free software; you can redistribute it and/or
f2c60e
+ * modify it under the terms of the GNU General Public Licence
f2c60e
+ * as published by the Free Software Foundation; either version
f2c60e
+ * 2 of the Licence, or (at your option) any later version.
f2c60e
+ */
f2c60e
+
f2c60e
+/*
f2c60e
+ * system_keyring.c
f2c60e
+ */
f2c60e
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
f2c60e
+extern void __init add_trusted_secondary_key(const char *source,
f2c60e
+					     const void *data, size_t len);
f2c60e
+#endif
f2c60e
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
f2c60e
index 6251d1b..5ac8ba6 100644
f2c60e
--- a/certs/system_keyring.c
f2c60e
+++ b/certs/system_keyring.c
f2c60e
@@ -18,6 +18,7 @@
f2c60e
 #include <keys/asymmetric-type.h>
f2c60e
 #include <keys/system_keyring.h>
f2c60e
 #include <crypto/pkcs7.h>
f2c60e
+#include "internal.h"
f2c60e
f2c60e
 static struct key *builtin_trusted_keys;
f2c60e
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
f2c60e
@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
f2c60e
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
f2c60e
f2c60e
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
f2c60e
+
f2c60e
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
f2c60e
+/**
f2c60e
+ * add_trusted_secondary_key - Add to secondary keyring with no validation
f2c60e
+ * @source: Source of key
f2c60e
+ * @data: The blob holding the key
f2c60e
+ * @len: The length of the data blob
f2c60e
+ *
f2c60e
+ * Add a key to the secondary keyring without checking its trust chain.  This
f2c60e
+ * is available only during kernel initialisation.
f2c60e
+ */
f2c60e
+void __init add_trusted_secondary_key(const char *source,
f2c60e
+				      const void *data, size_t len)
f2c60e
+{
f2c60e
+	key_ref_t key;
f2c60e
+
f2c60e
+	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
f2c60e
+				   "asymmetric",
f2c60e
+				   NULL, data, len,
f2c60e
+				   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
f2c60e
+				   KEY_USR_VIEW,
f2c60e
+				   KEY_ALLOC_NOT_IN_QUOTA |
f2c60e
+				   KEY_ALLOC_BYPASS_RESTRICTION);
f2c60e
+
f2c60e
+	if (IS_ERR(key))
f2c60e
+		pr_err("Problem loading %s X.509 certificate (%ld)\n",
f2c60e
+		       source, PTR_ERR(key));
f2c60e
+	else
f2c60e
+		pr_notice("Loaded %s cert '%s' linked to secondary sys keyring\n",
f2c60e
+			  source, key_ref_to_ptr(key)->description);
f2c60e
+}
f2c60e
+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
f2c60e
-- 
f2c60e
2.9.3
f2c60e