git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Mon, 11 Nov 2019 03:10:36 +0000 (21:10 -0600)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 13:33:23 +0000 (00:33 +1100)
commit	a41d39b907ec68c22d0393bda3c81878ecf318b5
tree	565ae2c0ff755e7454f137a03bfc3e63870d8060	tree \| snapshot
parent	4d78ca3c31b75a7ff4106d1f3a53251b81619429	commit \| diff

powerpc: Load firmware trusted keys/hashes into kernel keyring

The keys used to verify the Host OS kernel are managed by firmware as
secure variables. This patch loads the verification keys into the
.platform keyring and revocation hashes into .blacklist keyring. This
enables verification and loading of the kernels signed by the boot
time keys which are trusted by firmware.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Search by compatible in load_powerpc_certs(), not using format]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1573441836-3632-5-git-send-email-nayna@linux.ibm.com

security/integrity/Kconfig		diff \| blob \| history
security/integrity/Makefile		diff \| blob \| history
security/integrity/platform_certs/load_powerpc.c	[new file with mode: 0644]	blob