author | David Howells <dhowells@redhat.com> | 2012-10-04 14:57:06 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2012-12-12 22:30:52 +0000 |
commit | 830c2dfd1e75c4076eccd1a8a9130dbf7e4905bb (patch) | |
tree | 3456e58432d4a3d39ae56da61065c8a1e8f755bd | |
parent | 095e0bd2612ee628ab680cf415b987ba2e452f68 (diff) | |
download | linux-modsign-modsign-post-KS.tar.gz |
Test for EFI signature list parsermodsign-post-KS
-rw-r--r-- | crypto/asymmetric_keys/Makefile | 2 | ||||
-rw-r--r-- | crypto/asymmetric_keys/efi_test.c | 76 |
2 files changed, 77 insertions, 1 deletions
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index cd8388e5f2f14b..10c20ffb902682 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -8,7 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o obj-$(CONFIG_PUBLIC_KEY_ALGO_RSA) += rsa.o -obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o efi_test.o # # X.509 Certificate handling diff --git a/crypto/asymmetric_keys/efi_test.c b/crypto/asymmetric_keys/efi_test.c new file mode 100644 index 00000000000000..5674858505037b --- /dev/null +++ b/crypto/asymmetric_keys/efi_test.c 
@@ -0,0 +1,76 @@
+/* EFI signature/key/certificate list parser test
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) "EFI: "fmt
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <linux/err.h>
+#include <linux/efi.h>
+#include <linux/sched.h>
+#include <linux/key-type.h>
+
+struct key *efi_keyring;
+
+extern __initdata const u8 efi_signature_list[];
+extern __initdata const u8 efi_signature_list_end[];
+asm(".section .init.data,\"aw\"\n"
+ "efi_signature_list:\n"
+ ".incbin \"efi_signature_list\"\n"
+ "efi_signature_list_end:"
+ );
+
+/*
+ * We need to make sure ccache doesn't cache the .o file as it doesn't notice
+ * if modsign.pub changes.
+ */
+static __initdata const char annoy_ccache[] = __TIME__ "foo";
+
+/*
+ * Create the EFI keyring
+ */
+static __init int efi_keyring_init(void)
+{
+ pr_notice("Initialise module verification\n");
+
+ efi_keyring = key_alloc(&key_type_keyring, ".efi_keyring",
+ 0, 0, current_cred(),
+ (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ,
+ KEY_ALLOC_NOT_IN_QUOTA);
+ if (IS_ERR(efi_keyring))
+ panic("Can't allocate EFI keyring\n");
+
+ if (key_instantiate_and_link(efi_keyring, NULL, 0, NULL, NULL) < 0)
+ panic("Can't instantiate EFI keyring\n");
+
+ return 0;
+}
+
+/*
+ * Must be initialised before we try and load the keys into the keyring.
+ */
+device_initcall(efi_keyring_init);
+
+/*
+ * Load the compiled-in keys
+ */
+static __init int load_efi_keys(void)
+{
+ pr_notice("Loading EFI signature list\n");
+
+ parse_efi_signature_list(efi_signature_list,
+ efi_signature_list_end - efi_signature_list,
+ efi_keyring);
+
+ pr_notice("Loaded EFI signature list\n");
+ return 0;
+}
+late_initcall(load_efi_keys); |
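Review bot: The result of `parse_efi_signature_list()` in `load_efi_keys()` is discarded and "Loaded EFI signature list" is logged unconditionally, so a malformed or truncated list may leave `efi_keyring` empty or only partly populated while the boot log reports success. Assuming the parser returns a negative error code on failure (its prototype is not in this hunk), capture it with `ret = parse_efi_signature_list(...);` and report `if (ret < 0) pr_err("Failed to load EFI signature list: %d\n", ret);` before the success message. The Makefile hunk also links `efi_test.o` under `CONFIG_EFI_SIGNATURE_LIST_PARSER` itself, so this test keyring and its two `panic()` paths are built into every kernel that enables the parser; a separate test-only Kconfig symbol would keep them out of production builds. The comment above `annoy_ccache` still refers to `modsign.pub`, while the file embedded by `.incbin` is `efi_signature_list`.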