On Thu, 2019-01-10 at 00:48 +0800, Kairui Song wrote:
> Currently kexec_file_load will verify the kernel image being loaded
> against .builtin_trusted_keys or .secondary_trusted_keys, but the
> image could be signed with third part keys which will be provided by
> platform or firmware and the keys won't be available in keyrings mentioned
> above.
>
> After commit ea93102f3224 ('integrity: Define a trusted platform keyring')
> a .platform keyring is introduced to store the keys provided by platform
> or firmware. And with a few following commits, now keys required to verify
> the image is being imported to .platform keyring, but currently, only
> IMA-appraisal could use the keyring and verify the image.
>
> This patch exposes the .platform and makes other components, like
> kexec_file_load, could use this .platform keyring to verify the
> kernel image.
The "platform" keyring was upstreamed in order to verify the kernel
image being loaded by the kexec_file_load syscall. The intentions of
this patch description needs to be clearer.
>
> Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Signed-off-by: Kairui Song <kasong@xxxxxxxxxx>
> ---
> certs/system_keyring.c | 3 +++
> include/keys/system_keyring.h | 5 +++++
> security/integrity/digsig.c | 4 ++++
> 3 files changed, 12 insertions(+)
>
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 81728717523d..a61b95390b80 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -24,6 +24,9 @@ static struct key *builtin_trusted_keys;
> #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
> static struct key *secondary_trusted_keys;
> #endif
> +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> +struct key *platform_trusted_keys;
Please make it static.
Mimi
> +#endif
