    integrity: Define a trusted platform keyring · 9dc92c45
    Nayna Jain authored
    On secure boot enabled systems, a verified kernel may need to kexec
    additional kernels. For example, it may be used as a bootloader needing
    to kexec a target kernel or it may need to kexec a crashdump kernel. In
    such cases, it may want to verify the signature of the next kernel
    image.
    
    It is further possible that the kernel image is signed with third party
    keys which are stored as platform or firmware keys in the 'db' variable.
    The kernel, however, cannot directly verify these platform keys, and an
    administrator may therefore not want to trust them for arbitrary usage.
    In order to differentiate platform keys from other keys and provide the
    necessary separation of trust, the kernel needs an additional keyring to
    store platform keys.
    
    This patch creates the new keyring called ".platform" to isolate keys
    provided by the platform from keys provided by the kernel. These keys are used to
    facilitate signature verification during kexec. Since the scope of this
    keyring is only the platform/firmware keys, it cannot be updated from
    userspace.
    
    This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.

    Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
    Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
    Acked-by: Serge Hallyn <serge@hallyn.com>
    Reviewed-by: James Morris <james.morris@microsoft.com>
    Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Kconfig 2.8 KB