e336be
From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
e336be
From: David Howells <dhowells@redhat.com>
e336be
Date: Fri, 5 May 2017 08:21:56 +0100
e336be
Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
e336be
 secondary keyring
e336be
e336be
Allow keys to be added to the system secondary certificates keyring during
e336be
kernel initialisation in an unrestricted fashion.  Such keys are implicitly
e336be
trusted and don't have their trust chains checked on link.
e336be
e336be
This allows keys in the UEFI database to be added in secure boot mode for
e336be
the purposes of module signing.
e336be
e336be
Signed-off-by: David Howells <dhowells@redhat.com>
e336be
---
e336be
 certs/internal.h       | 18 ++++++++++++++++++
e336be
 certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
e336be
 2 files changed, 51 insertions(+)
e336be
 create mode 100644 certs/internal.h
e336be
e336be
diff --git a/certs/internal.h b/certs/internal.h
e336be
new file mode 100644
e336be
index 0000000..5dcbefb
e336be
--- /dev/null
e336be
+++ b/certs/internal.h
e336be
@@ -0,0 +1,18 @@
e336be
+/* Internal definitions
e336be
+ *
e336be
+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
e336be
+ * Written by David Howells (dhowells@redhat.com)
e336be
+ *
e336be
+ * This program is free software; you can redistribute it and/or
e336be
+ * modify it under the terms of the GNU General Public Licence
e336be
+ * as published by the Free Software Foundation; either version
e336be
+ * 2 of the Licence, or (at your option) any later version.
e336be
+ */
e336be
+
e336be
+/*
e336be
+ * system_keyring.c
e336be
+ */
e336be
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
e336be
+extern void __init add_trusted_secondary_key(const char *source,
e336be
+					     const void *data, size_t len);
e336be
+#endif
e336be
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
e336be
index 6251d1b..5ac8ba6 100644
e336be
--- a/certs/system_keyring.c
e336be
+++ b/certs/system_keyring.c
e336be
@@ -18,6 +18,7 @@
e336be
 #include <keys/asymmetric-type.h>
e336be
 #include <keys/system_keyring.h>
e336be
 #include <crypto/pkcs7.h>
e336be
+#include "internal.h"
e336be
e336be
 static struct key *builtin_trusted_keys;
e336be
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
e336be
@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
e336be
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
e336be
e336be
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
e336be
+
e336be
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
e336be
+/**
e336be
+ * add_trusted_secondary_key - Add to secondary keyring with no validation
e336be
+ * @source: Source of key
e336be
+ * @data: The blob holding the key
e336be
+ * @len: The length of the data blob
e336be
+ *
e336be
+ * Add a key to the secondary keyring without checking its trust chain.  This
e336be
+ * is available only during kernel initialisation.
e336be
+ */
e336be
+void __init add_trusted_secondary_key(const char *source,
e336be
+				      const void *data, size_t len)
e336be
+{
e336be
+	key_ref_t key;
e336be
+
e336be
+	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
e336be
+				   "asymmetric",
e336be
+				   NULL, data, len,
e336be
+				   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
e336be
+				   KEY_USR_VIEW,
e336be
+				   KEY_ALLOC_NOT_IN_QUOTA |
e336be
+				   KEY_ALLOC_BYPASS_RESTRICTION);
e336be
+
e336be
+	if (IS_ERR(key))
e336be
+		pr_err("Problem loading %s X.509 certificate (%ld)\n",
e336be
+		       source, PTR_ERR(key));
e336be
+	else
e336be
+		pr_notice("Loaded %s cert '%s' linked to secondary sys keyring\n",
e336be
+			  source, key_ref_to_ptr(key)->description);
e336be
+}
e336be
+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
e336be
-- 
e336be
2.9.3
e336be