Merge tag 'iwlwifi-for-kalle-2019-03-22' of git://git.kernel.org/pub/scm/linux/kernel...
[linux-2.6-microblaze.git] / certs / system_keyring.c
index 8172871..c05c29a 100644 (file)
@@ -24,6 +24,9 @@ static struct key *builtin_trusted_keys;
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
 static struct key *secondary_trusted_keys;
 #endif
+#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
+static struct key *platform_trusted_keys;
+#endif
 
 extern __initconst const u8 system_certificate_list[];
 extern __initconst const unsigned long system_certificate_list_size;
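Review bot: `platform_trusted_keys` becomes a trust anchor for PKCS#7 verification, yet it is declared as an ordinary writable static. The only writer visible in this diff is `set_platform_trusted_keys()`, which is `__init`, so the pointer could be declared `static struct key *platform_trusted_keys __ro_after_init;` to stop it being redirected to another keyring after boot. If a non-init writer is planned, a one-line comment saying so would explain why it stays writable.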
@@ -237,11 +240,22 @@ int verify_pkcs7_signature(const void *data, size_t len,
 #else
                trusted_keys = builtin_trusted_keys;
 #endif
+       } else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) {
+#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
+               trusted_keys = platform_trusted_keys;
+#else
+               trusted_keys = NULL;
+#endif
+               if (!trusted_keys) {
+                       ret = -ENOKEY;
+                       pr_devel("PKCS#7 platform keyring is not available\n");
+                       goto error;
+               }
        }
        ret = pkcs7_validate_trust(pkcs7, trusted_keys);
        if (ret < 0) {
                if (ret == -ENOKEY)
-                       pr_err("PKCS#7 signature not signed with a trusted key\n");
+                       pr_devel("PKCS#7 signature not signed with a trusted key\n");
                goto error;
        }
 
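Review bot: Changing the `-ENOKEY` message from `pr_err` to `pr_devel` means a signature that chains to no trusted key is no longer logged on builds without DEBUG, so a verification failure that monitoring could alert on disappears from the kernel log. Presumably the aim is to avoid noise when a caller tries several keyrings in turn. In that case the final failure should still be reported, either by the caller (not visible here) or here with `pr_warn_ratelimited("PKCS#7 signature not signed with a trusted key\n");`. The new `!trusted_keys` branch correctly fails closed with `-ENOKEY`, and a comment such as `/* no platform keyring: fail closed instead of validating against a NULL keyring */` would keep a later refactor from dropping it. The body of `verify_pkcs7_signature()` starts and ends outside this hunk.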
@@ -266,3 +280,10 @@ error:
 EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
 
 #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
+#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
+void __init set_platform_trusted_keys(struct key *keyring)
+{
+       platform_trusted_keys = keyring;
+}
+#endif
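Review bot: `set_platform_trusted_keys()` has no comment stating its contract, although it installs the keyring that `VERIFY_USE_PLATFORM_KEYRING` lookups will trust. It stores the caller's pointer as-is, taking no reference and checking neither for NULL nor for an earlier assignment, so the keyring's lifetime and the single-call expectation rest entirely on the caller. A kernel-doc block above the function should state that it is meant to be called during init by the platform keyring setup code (the caller is not visible here) and that the keyring must remain allocated for as long as the system runs. It should also note that leaving the pointer NULL makes platform-keyring verification return `-ENOKEY`.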