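// SPDX-License-Identifier: GPL-2.0

#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/err.h>
#include <linux/efi.h>
#include <linux/slab.h>
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
#include <asm/boot_data.h>
#include "../integrity.h"

/*
 * Load the certs contained in the IPL report created by the machine loader
 * into the platform trusted keyring.
 *
 * The loop below reads the region starting at ipl_cert_list_addr and spanning
 * ipl_cert_list_size bytes as a sequence of records: an unsigned int length
 * followed by that many bytes of certificate data. Each record is handed to
 * add_to_platform_keyring() with the source tag "IPL:db".
 *
 * Every record is bounds-checked against the end of the list before it is
 * used: the length field is read from the list itself, so an inconsistent
 * length must not be allowed to walk the parser (or the certificate loader)
 * past the region described by ipl_cert_list_size. Parsing stops at the first
 * record that does not fit; records accepted before it stay loaded.
 *
 * Always returns 0, so a missing or malformed list never fails the initcall.
 */
static int __init load_ipl_certs(void)
{
	void *ptr, *end;
	unsigned int len;

	/* No certificate list was provided: nothing to load. */
	if (!ipl_cert_list_addr)
		return 0;
	/* Copy the certificates to the platform keyring */
	ptr = (void *) ipl_cert_list_addr;
	end = ptr + ipl_cert_list_size;
	while (ptr < end) {
		/* The length prefix itself must lie inside the list. */
		if ((unsigned long) (end - ptr) < sizeof(unsigned int)) {
			pr_warn("IPL certificate list: truncated length field, stopping\n");
			break;
		}
		len = *(unsigned int *) ptr;
		ptr += sizeof(unsigned int);
		/* The certificate body must not extend past the end of the list. */
		if (len > (unsigned long) (end - ptr)) {
			pr_warn("IPL certificate list: entry length exceeds list size, stopping\n");
			break;
		}
		add_to_platform_keyring("IPL:db", ptr, len);
		ptr += len;
	}
	return 0;
}
late_initcall(load_ipl_certs);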