dbc4a9
From: Josh Boyer <jwboyer@fedoraproject.org>
dbc4a9
Date: Fri, 26 Oct 2012 12:36:24 -0400
dbc4a9
Subject: [PATCH] KEYS: Add a system blacklist keyring
dbc4a9
dbc4a9
This adds an additional keyring that is used to store certificates that
dbc4a9
are blacklisted.  This keyring is searched first when loading signed modules
dbc4a9
and if the module's certificate is found, it will refuse to load.  This is
dbc4a9
useful in cases where third party certificates are used for module signing.
dbc4a9
dbc4a9
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
dbc4a9
---
dbc4a9
 include/keys/system_keyring.h |  4 ++++
dbc4a9
 init/Kconfig                  |  9 +++++++++
dbc4a9
 kernel/module_signing.c       | 12 ++++++++++++
dbc4a9
 kernel/system_keyring.c       | 17 +++++++++++++++++
dbc4a9
 4 files changed, 42 insertions(+)
dbc4a9
dbc4a9
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
dbc4a9
index 72665eb80692..2c7b80d31366 100644
dbc4a9
--- a/include/keys/system_keyring.h
dbc4a9
+++ b/include/keys/system_keyring.h
dbc4a9
@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
dbc4a9
 }
dbc4a9
 #endif
dbc4a9
 
dbc4a9
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
dbc4a9
+extern struct key *system_blacklist_keyring;
dbc4a9
+#endif
dbc4a9
+
dbc4a9
 #endif /* _KEYS_SYSTEM_KEYRING_H */
dbc4a9
diff --git a/init/Kconfig b/init/Kconfig
dbc4a9
index 80a6907f91c5..dfdd7f738247 100644
dbc4a9
--- a/init/Kconfig
dbc4a9
+++ b/init/Kconfig
dbc4a9
@@ -1723,6 +1723,15 @@ config SYSTEM_TRUSTED_KEYRING
dbc4a9
 
dbc4a9
 	  Keys in this keyring are used by module signature checking.
dbc4a9
 
dbc4a9
+config SYSTEM_BLACKLIST_KEYRING
dbc4a9
+	bool "Provide system-wide ring of blacklisted keys"
dbc4a9
+	depends on KEYS
dbc4a9
+	help
dbc4a9
+	  Provide a system keyring to which blacklisted keys can be added.
dbc4a9
+	  Keys in the keyring are considered entirely untrusted.  Keys in this
dbc4a9
+	  keyring are used by the module signature checking to reject loading
dbc4a9
+	  of modules signed with a blacklisted key.
dbc4a9
+
dbc4a9
 config PROFILING
dbc4a9
 	bool "Profiling support"
dbc4a9
 	help
dbc4a9
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
dbc4a9
index be5b8fac4bd0..fed815fcdaf2 100644
dbc4a9
--- a/kernel/module_signing.c
dbc4a9
+++ b/kernel/module_signing.c
dbc4a9
@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
dbc4a9
 
dbc4a9
 	pr_debug("Look up: \"%s\"\n", id);
dbc4a9
 
dbc4a9
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
dbc4a9
+	key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
dbc4a9
+				   &key_type_asymmetric, id);
dbc4a9
+	if (!IS_ERR(key)) {
dbc4a9
+		/* module is signed with a cert in the blacklist.  reject */
dbc4a9
+		pr_err("Module key '%s' is in blacklist\n", id);
dbc4a9
+		key_ref_put(key);
dbc4a9
+		kfree(id);
dbc4a9
+		return ERR_PTR(-EKEYREJECTED);
dbc4a9
+	}
dbc4a9
+#endif
dbc4a9
+
dbc4a9
 	key = keyring_search(make_key_ref(system_trusted_keyring, 1),
dbc4a9
 			     &key_type_asymmetric, id);
dbc4a9
 	if (IS_ERR(key))
dbc4a9
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
dbc4a9
index 875f64e8935b..c15e93f5a418 100644
dbc4a9
--- a/kernel/system_keyring.c
dbc4a9
+++ b/kernel/system_keyring.c
dbc4a9
@@ -20,6 +20,9 @@
dbc4a9
 
dbc4a9
 struct key *system_trusted_keyring;
dbc4a9
 EXPORT_SYMBOL_GPL(system_trusted_keyring);
dbc4a9
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
dbc4a9
+struct key *system_blacklist_keyring;
dbc4a9
+#endif
dbc4a9
 
dbc4a9
 extern __initconst const u8 system_certificate_list[];
dbc4a9
 extern __initconst const unsigned long system_certificate_list_size;
dbc4a9
@@ -41,6 +44,20 @@ static __init int system_trusted_keyring_init(void)
dbc4a9
 		panic("Can't allocate system trusted keyring\n");
dbc4a9
 
dbc4a9
 	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
dbc4a9
+
dbc4a9
+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
dbc4a9
+	system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
dbc4a9
+				    KUIDT_INIT(0), KGIDT_INIT(0),
dbc4a9
+				    current_cred(),
dbc4a9
+				    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
dbc4a9
+				    KEY_USR_VIEW | KEY_USR_READ,
dbc4a9
+				    KEY_ALLOC_NOT_IN_QUOTA, NULL);
dbc4a9
+	if (IS_ERR(system_blacklist_keyring))
dbc4a9
+		panic("Can't allocate system blacklist keyring\n");
dbc4a9
+
dbc4a9
+	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_blacklist_keyring->flags);
dbc4a9
+#endif
dbc4a9
+
dbc4a9
 	return 0;
dbc4a9
 }
dbc4a9
 
dbc4a9
-- 
dbc4a9
1.9.3
dbc4a9