From: Roberto Sassu <roberto.sassu@huawei.com> To: <dhowells@redhat.com>, <dwmw2@infradead.org>, <herbert@gondor.apana.org.au>, <davem@davemloft.net> Cc: <keyrings@vger.kernel.org>, <linux-crypto@vger.kernel.org>, <linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <silviu.vlasceanu@huawei.com>, Roberto Sassu <roberto.sassu@huawei.com> Subject: [RFC][PATCH 12/12] KEYS: Introduce load_pgp_public_keyring() Date: Mon, 12 Nov 2018 11:24:23 +0100 [thread overview] Message-ID: <20181112102423.30415-13-roberto.sassu@huawei.com> (raw) In-Reply-To: <20181112102423.30415-1-roberto.sassu@huawei.com> Preload PGP keys from 'pubring.gpg', placed in the kernel source directory. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- certs/Kconfig | 7 +++++++ certs/Makefile | 3 +++ certs/system_keyring.c | 25 +++++++++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/certs/Kconfig b/certs/Kconfig index c94e93d8bccf..71be583e55a4 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -83,4 +83,11 @@ config SYSTEM_BLACKLIST_HASH_LIST wrapper to incorporate the list into the kernel. Each <hash> should be a string of hex digits. +config PGP_PRELOAD_PUBLIC_KEYS + bool "Preload PGP public keys" + select PGP_PRELOAD + default n + help + Provide a keyring of PGP public keys. + endmenu diff --git a/certs/Makefile b/certs/Makefile index 5d0999b9e21b..4338af9182e3 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -4,6 +4,9 @@ # obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o +ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +certs/system_keyring.o: pubring.gpg +endif obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"") obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o diff --git a/certs/system_keyring.c b/certs/system_keyring.c index e4c59a5c7a9d..5dacb124133f 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c 
@@ -189,6 +189,31 @@ static __init int load_system_certificate_list(void) } late_initcall(load_system_certificate_list); +#ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +extern __initconst const u8 pgp_public_keys[]; +extern __initconst const u8 pgp_public_keys_end[]; +asm(".section .init.data,\"aw\"\n" + "pgp_public_keys:\n" + ".incbin \"pubring.gpg\"\n" + "pgp_public_keys_end:"); + +/* + * Load a list of PGP keys. + */ +static __init int load_pgp_public_keyring(void) +{ + pr_notice("Load PGP public keys\n"); + + if (preload_pgp_keys(pgp_public_keys, + pgp_public_keys_end - pgp_public_keys, + builtin_trusted_keys) < 0) + pr_err("Can't load PGP public keys\n"); + + return 0; +} +late_initcall(load_pgp_public_keyring); +#endif /* CONFIG_PGP_PRELOAD_PUBLIC_KEYS */ + #ifdef CONFIG_SYSTEM_DATA_VERIFICATION /** -- 2.17.1
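Review bot: In the certs/Kconfig hunk, PGP_PRELOAD_PUBLIC_KEYS has no visible dependency on SYSTEM_TRUSTED_KEYRING, yet the loader is added to certs/system_keyring.c, which the Makefile only builds under CONFIG_SYSTEM_TRUSTED_KEYRING, so the option can be enabled and silently do nothing. Consider adding "depends on SYSTEM_TRUSTED_KEYRING". The help text should also say that the keys are read from pubring.gpg at build time and end up in builtin_trusted_keys, since anyone enabling the option needs to know which file becomes part of the kernel's trusted set. "default n" is already the default for a bool and can be dropped.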
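Review bot: In the certs/Makefile hunk, the new prerequisite is a bare "pubring.gpg" with no rule to produce it and no directory prefix, while the target is spelled "certs/system_keyring.o". If the file is absent, the build stops with a missing-target error that gives no hint about what is expected, and this hunk does not make clear how the name resolves when the object directory differs from the source directory. Suggest spelling both target and prerequisite with explicit directory variables (the commit message says the file sits in the kernel source directory) and documenting, or making configurable, where the keyring has to be placed.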
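Review bot: In load_pgp_public_keyring() in the certs/system_keyring.c hunk, the result of preload_pgp_keys() is only compared against 0: the error code is not logged and the initcall returns 0 regardless, so a failure to load the embedded keyring leaves builtin_trusted_keys without the expected keys and the only trace is a generic pr_err. Suggest keeping the return value in a local, printing it in the message, and stating in a comment whether continuing to boot without the keys is intended. Separately, the asm block places the blob in ".init.data" with "aw" flags although the symbols are declared "__initconst const", and it does not switch back to the previous section after "pgp_public_keys_end:"; a read-only init section and a closing ".previous" would match the declarations and keep later output out of the blob's section.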