integrity: PowerVM support for loading third party code signing keys

[sfrench/cifs-2.6.git] / certs / system_keyring.c

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index b348e0898d34a251ddff092b07b15a5b8f0e0795..33841c91f12cc88d12080b39636d539e57b1014f 100644 (file)
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -152,6 +152,36 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void
 
        return restriction;
 }
+
+/**
+ * add_to_secondary_keyring - Add to secondary keyring.
+ * @source: Source of key
+ * @data: The blob holding the key
+ * @len: The length of the data blob
+ *
+ * Add a key to the secondary keyring. The key must be vouched for by a key in the builtin,
+ * machine or secondary keyring itself.
+ */
+void __init add_to_secondary_keyring(const char *source, const void *data, size_t len)
+{
+       key_ref_t key;
+       key_perm_t perm;
+
+       perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
+
+       key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
+                                  "asymmetric",
+                                  NULL, data, len, perm,
+                                  KEY_ALLOC_NOT_IN_QUOTA);
+       if (IS_ERR(key)) {
+               pr_err("Problem loading X.509 certificate from %s to secondary keyring %ld\n",
+                      source, PTR_ERR(key));
+               return;
+       }
+
+       pr_notice("Loaded X.509 cert '%s'\n", key_ref_to_ptr(key)->description);
+       key_ref_put(key);
+}
 #endif
 #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
 void __init set_machine_trusted_keys(struct key *keyring)