8c64d2
From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
8c64d2
From: David Howells <dhowells@redhat.com>
8c64d2
Date: Fri, 5 May 2017 08:21:56 +0100
8c64d2
Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
8c64d2
 secondary keyring
8c64d2
8c64d2
Allow keys to be added to the system secondary certificates keyring during
8c64d2
kernel initialisation in an unrestricted fashion.  Such keys are implicitly
8c64d2
trusted and don't have their trust chains checked on link.
8c64d2
8c64d2
This allows keys in the UEFI database to be added in secure boot mode for
8c64d2
the purposes of module signing.
8c64d2
8c64d2
Signed-off-by: David Howells <dhowells@redhat.com>
8c64d2
---
8c64d2
 certs/internal.h       | 18 ++++++++++++++++++
8c64d2
 certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
8c64d2
 2 files changed, 51 insertions(+)
8c64d2
 create mode 100644 certs/internal.h
8c64d2
8c64d2
diff --git a/certs/internal.h b/certs/internal.h
8c64d2
new file mode 100644
8c64d2
index 0000000..5dcbefb
8c64d2
--- /dev/null
8c64d2
+++ b/certs/internal.h
8c64d2
@@ -0,0 +1,18 @@
8c64d2
+/* Internal definitions
8c64d2
+ *
8c64d2
+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
8c64d2
+ * Written by David Howells (dhowells@redhat.com)
8c64d2
+ *
8c64d2
+ * This program is free software; you can redistribute it and/or
8c64d2
+ * modify it under the terms of the GNU General Public Licence
8c64d2
+ * as published by the Free Software Foundation; either version
8c64d2
+ * 2 of the Licence, or (at your option) any later version.
8c64d2
+ */
8c64d2
+
8c64d2
+/*
8c64d2
+ * system_keyring.c
8c64d2
+ */
8c64d2
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
8c64d2
+extern void __init add_trusted_secondary_key(const char *source,
8c64d2
+					     const void *data, size_t len);
8c64d2
+#endif
8c64d2
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
8c64d2
index 6251d1b..5ac8ba6 100644
8c64d2
--- a/certs/system_keyring.c
8c64d2
+++ b/certs/system_keyring.c
8c64d2
@@ -18,6 +18,7 @@
8c64d2
 #include <keys asymmetric-type.h="">
8c64d2
 #include <keys system_keyring.h="">
8c64d2
 #include <crypto pkcs7.h="">
8c64d2
+#include "internal.h"
8c64d2
8c64d2
 static struct key *builtin_trusted_keys;
8c64d2
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
8c64d2
@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
8c64d2
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
8c64d2
8c64d2
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
8c64d2
+
8c64d2
+#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
8c64d2
+/**
8c64d2
+ * add_trusted_secondary_key - Add to secondary keyring with no validation
8c64d2
+ * @source: Source of key
8c64d2
+ * @data: The blob holding the key
8c64d2
+ * @len: The length of the data blob
8c64d2
+ *
8c64d2
+ * Add a key to the secondary keyring without checking its trust chain.  This
8c64d2
+ * is available only during kernel initialisation.
8c64d2
+ */
8c64d2
+void __init add_trusted_secondary_key(const char *source,
8c64d2
+				      const void *data, size_t len)
8c64d2
+{
8c64d2
+	key_ref_t key;
8c64d2
+
8c64d2
+	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
8c64d2
+				   "asymmetric",
8c64d2
+				   NULL, data, len,
8c64d2
+				   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
8c64d2
+				   KEY_USR_VIEW,
8c64d2
+				   KEY_ALLOC_NOT_IN_QUOTA |
8c64d2
+				   KEY_ALLOC_BYPASS_RESTRICTION);
8c64d2
+
8c64d2
+	if (IS_ERR(key))
8c64d2
+		pr_err("Problem loading %s X.509 certificate (%ld)\n",
8c64d2
+		       source, PTR_ERR(key));
8c64d2
+	else
8c64d2
+		pr_notice("Loaded %s cert '%s' linked to secondary sys keyring\n",
8c64d2
+			  source, key_ref_to_ptr(key)->description);
8c64d2
+}
8c64d2
+#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
8c64d2
-- 
8c64d2
2.9.3
8c64d2