From: Roberto Sassu <roberto.sassu@huawei.com>
To: <dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <keyrings@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<silviu.vlasceanu@huawei.com>,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [RFC][PATCH 12/12] KEYS: Introduce load_pgp_public_keyring()
Date: Mon, 12 Nov 2018 11:24:23 +0100 [thread overview]
Message-ID: <20181112102423.30415-13-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20181112102423.30415-1-roberto.sassu@huawei.com>
Preload PGP keys from 'pubring.gpg', placed in the kernel source directory.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
certs/Kconfig | 7 +++++++
certs/Makefile | 3 +++
certs/system_keyring.c | 25 +++++++++++++++++++++++++
3 files changed, 35 insertions(+)
diff --git a/certs/Kconfig b/certs/Kconfig
index c94e93d8bccf..71be583e55a4 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -83,4 +83,11 @@ config SYSTEM_BLACKLIST_HASH_LIST
wrapper to incorporate the list into the kernel. Each <hash> should
be a string of hex digits.
+config PGP_PRELOAD_PUBLIC_KEYS
+ bool "Preload PGP public keys"
+ select PGP_PRELOAD
+ default n
+ help
+ Provide a keyring of PGP public keys.
+
endmenu
diff --git a/certs/Makefile b/certs/Makefile
index 5d0999b9e21b..4338af9182e3 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -4,6 +4,9 @@
#
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS
+certs/system_keyring.o: pubring.gpg
+endif
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o
ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"")
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index e4c59a5c7a9d..5dacb124133f 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -189,6 +189,31 @@ static __init int load_system_certificate_list(void)
}
late_initcall(load_system_certificate_list);
+#ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS
+extern __initconst const u8 pgp_public_keys[];
+extern __initconst const u8 pgp_public_keys_end[];
+asm(".section .init.data,\"aw\"\n"
+ "pgp_public_keys:\n"
+ ".incbin \"pubring.gpg\"\n"
+ "pgp_public_keys_end:");
+
+/*
+ * Load a list of PGP keys.
+ */
+static __init int load_pgp_public_keyring(void)
+{
+ pr_notice("Load PGP public keys\n");
+
+ if (preload_pgp_keys(pgp_public_keys,
+ pgp_public_keys_end - pgp_public_keys,
+ builtin_trusted_keys) < 0)
+ pr_err("Can't load PGP public keys\n");
+
+ return 0;
+}
+late_initcall(load_pgp_public_keyring);
+#endif /* CONFIG_PGP_PRELOAD_PUBLIC_KEYS */
+
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
/**
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Roberto Sassu <roberto.sassu@huawei.com>
To: dhowells@redhat.com, dwmw2@infradead.org,
herbert@gondor.apana.org.au, davem@davemloft.net
Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
silviu.vlasceanu@huawei.com,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [RFC][PATCH 12/12] KEYS: Introduce load_pgp_public_keyring()
Date: Mon, 12 Nov 2018 10:24:23 +0000 [thread overview]
Message-ID: <20181112102423.30415-13-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20181112102423.30415-1-roberto.sassu@huawei.com>
Preload PGP keys from 'pubring.gpg', placed in the kernel source directory.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
certs/Kconfig | 7 +++++++
certs/Makefile | 3 +++
certs/system_keyring.c | 25 +++++++++++++++++++++++++
3 files changed, 35 insertions(+)
diff --git a/certs/Kconfig b/certs/Kconfig
index c94e93d8bccf..71be583e55a4 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -83,4 +83,11 @@ config SYSTEM_BLACKLIST_HASH_LIST
wrapper to incorporate the list into the kernel. Each <hash> should
be a string of hex digits.
+config PGP_PRELOAD_PUBLIC_KEYS
+ bool "Preload PGP public keys"
+ select PGP_PRELOAD
+ default n
+ help
+ Provide a keyring of PGP public keys.
+
endmenu
diff --git a/certs/Makefile b/certs/Makefile
index 5d0999b9e21b..4338af9182e3 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -4,6 +4,9 @@
#
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS
+certs/system_keyring.o: pubring.gpg
+endif
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o
ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"")
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index e4c59a5c7a9d..5dacb124133f 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -189,6 +189,31 @@ static __init int load_system_certificate_list(void)
}
late_initcall(load_system_certificate_list);
+#ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS
+extern __initconst const u8 pgp_public_keys[];
+extern __initconst const u8 pgp_public_keys_end[];
+asm(".section .init.data,\"aw\"\n"
+ "pgp_public_keys:\n"
+ ".incbin \"pubring.gpg\"\n"
+ "pgp_public_keys_end:");
+
+/*
+ * Load a list of PGP keys.
+ */
+static __init int load_pgp_public_keyring(void)
+{
+ pr_notice("Load PGP public keys\n");
+
+ if (preload_pgp_keys(pgp_public_keys,
+ pgp_public_keys_end - pgp_public_keys,
+ builtin_trusted_keys) < 0)
+ pr_err("Can't load PGP public keys\n");
+
+ return 0;
+}
+late_initcall(load_pgp_public_keyring);
+#endif /* CONFIG_PGP_PRELOAD_PUBLIC_KEYS */
+
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION
/**
--
2.17.1
next prev parent reply other threads:[~2018-11-12 20:28 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-12 10:24 [RFC][PATCH 00/12] keys: add support for PGP keys and signatures Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 01/12] mpi: introduce mpi_key_length() Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 02/12] rsa: add parser of raw format Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 03/12] PGPLIB: PGP definitions (RFC 4880) Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 04/12] PGPLIB: Basic packet parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 05/12] PGPLIB: Signature parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 06/12] KEYS: PGP data parser Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 07/12] KEYS: Provide PGP key description autogeneration Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 08/12] KEYS: PGP-based public key signature verification Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 09/12] verification: introduce verify_pgp_signature() Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 10/12] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` [RFC][PATCH 11/12] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu
2018-11-12 10:24 ` Roberto Sassu [this message]
2018-11-12 10:24 ` [RFC][PATCH 12/12] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2018-11-12 12:31 ` [RFC][PATCH 04/12] PGPLIB: Basic packet parser David Howells
2018-11-12 12:35 ` [RFC][PATCH 05/12] PGPLIB: Signature parser David Howells
2018-11-12 12:43 ` [RFC][PATCH 08/12] KEYS: PGP-based public key signature verification David Howells
2018-11-12 14:22 ` Roberto Sassu
2018-11-12 14:22 ` Roberto Sassu
2018-12-10 16:58 ` David Howells
2018-12-10 18:04 ` Roberto Sassu
2018-12-10 18:04 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181112102423.30415-13-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=silviu.vlasceanu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.