git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Mon, 11 Nov 2019 03:10:36 +0000 (21:10 -0600)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 13:33:23 +0000 (00:33 +1100)
commit	3755ff84a7f9de1249781d0bc8e6b9a859b05a23
tree	565ae2c0ff755e7454f137a03bfc3e63870d8060	tree \| snapshot
parent	ca30518232f618d8609c77ccbe7d6938dfddcd6d	commit \| diff

powerpc: Load firmware trusted keys/hashes into kernel keyring

The keys used to verify the Host OS kernel are managed by firmware as
secure variables. This patch loads the verification keys into the
.platform keyring and revocation hashes into .blacklist keyring. This
enables verification and loading of the kernels signed by the boot
time keys which are trusted by firmware.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Search by compatible in load_powerpc_certs(), not using format]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1573441836-3632-5-git-send-email-nayna@linux.ibm.com

security/integrity/Kconfig		diff \| blob \| history
security/integrity/Makefile		diff \| blob \| history
security/integrity/platform_certs/load_powerpc.c	[new file with mode: 0644]	blob