kernel/security/integrity/digsig.c, branch linux-5.1.y

integrity: Fix __integrity_init_keyring() section mismatch

2019-07-26T07:12:36Z

[ Upstream commit 8c655784e2cf59cb6140759b8b546d98261d1ad9 ] With gcc-4.6.3: WARNING: vmlinux.o(.text.unlikely+0x24c64): Section mismatch in reference from the function __integrity_init_keyring() to the function .init.text:set_platform_trusted_keys() The function __integrity_init_keyring() references the function __init set_platform_trusted_keys(). This is often because __integrity_init_keyring lacks a __init annotation or the annotation of set_platform_trusted_keys is wrong. Indeed, if the compiler decides not to inline __integrity_init_keyring(), a warning is issued. Fix this by adding the missing __init annotation. Fixes: 9dc92c45177ab70e ("integrity: Define a trusted platform keyring") Signed-off-by: Geert Uytterhoeven Reviewed-by: Nayna Jain Reviewed-by: James Morris Signed-off-by: Mimi Zohar Signed-off-by: Sasha Levin

integrity, KEYS: add a reference to platform keyring

2019-02-04T22:29:19Z

commit 9dc92c45177a ("integrity: Define a trusted platform keyring") introduced a .platform keyring for storing preboot keys, used for verifying kernel image signatures. Currently only IMA-appraisal is able to use the keyring to verify kernel images that have their signature stored in xattr. This patch exposes the .platform keyring, making it accessible for verifying PE signed kernel images as well. Suggested-by: Mimi Zohar Signed-off-by: Kairui Song Cc: David Howells [zohar@linux.ibm.com: fixed checkpatch errors, squashed with patch fix] Signed-off-by: Mimi Zohar

integrity: Remove references to module keyring

2018-12-17T22:09:39Z

From what I can tell, it has never been used. Mimi: This was introduced prior to Rusty's decision to use appended signatures for kernel modules. Signed-off-by: Thiago Jung Bauermann Acked-by: Mimi Zohar Signed-off-by: James Morris

integrity: Load certs to the platform keyring

2018-12-13T03:02:54Z

The patch refactors integrity_load_x509(), making it a wrapper for a new function named integrity_add_key(). This patch also defines a new function named integrity_load_cert() for loading the platform keys. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar Acked-by: Serge Hallyn Reviewed-by: James Morris Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar

integrity: Define a trusted platform keyring

2018-12-13T03:02:28Z

On secure boot enabled systems, a verified kernel may need to kexec additional kernels. For example, it may be used as a bootloader needing to kexec a target kernel or it may need to kexec a crashdump kernel. In such cases, it may want to verify the signature of the next kernel image. It is further possible that the kernel image is signed with third party keys which are stored as platform or firmware keys in the 'db' variable. The kernel, however, can not directly verify these platform keys, and an administrator may therefore not want to trust them for arbitrary usage. In order to differentiate platform keys from other keys and provide the necessary separation of trust, the kernel needs an additional keyring to store platform keys. This patch creates the new keyring called ".platform" to isolate keys provided by platform from keys by kernel. These keys are used to facilitate signature verification during kexec. Since the scope of this keyring is only the platform/firmware keys, it cannot be updated from userspace. This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING. Signed-off-by: Nayna Jain Reviewed-by: Mimi Zohar Acked-by: Serge Hallyn Reviewed-by: James Morris Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar

security/integrity: remove unnecessary 'init_keyring' variable

2018-10-10T16:56:15Z

The 'init_keyring' variable actually just gave the value of CONFIG_INTEGRITY_TRUSTED_KEYRING. We should check the config option directly instead. No change in behavior; this just simplifies the code. Signed-off-by: Eric Biggers Signed-off-by: Mimi Zohar

security/integrity: constify some read-only data

2018-10-10T16:56:15Z

Constify some static data that is never modified, so that it is placed in .rodata. Signed-off-by: Eric Biggers Signed-off-by: Mimi Zohar

integrity/security: fix digsig.c build error with header file

2018-02-23T04:09:08Z

security/integrity/digsig.c has build errors on some $ARCH due to a missing header file, so add it. security/integrity/digsig.c:146:2: error: implicit declaration of function 'vfree' [-Werror=implicit-function-declaration] Reported-by: Michael Ellerman Signed-off-by: Randy Dunlap Cc: Mimi Zohar Cc: linux-integrity@vger.kernel.org Link: http://kisskb.ellerman.id.au/kisskb/head/13396/ Signed-off-by: James Morris

integrity: use kernel_read_file_from_path() to read x509 certs

2017-11-08T20:16:36Z

The CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 options permit loading x509 signed certificates onto the trusted keyrings without verifying the x509 certificate file's signature. This patch replaces the call to the integrity_read_file() specific function with the common kernel_read_file_from_path() function. To avoid verifying the file signature, this patch defines READING_X509_CERTFICATE. Signed-off-by: Christoph Hellwig Signed-off-by: Mimi Zohar

KEYS: Use structure to capture key restriction function and data

2017-04-04T21:10:10Z

Replace struct key's restrict_link function pointer with a pointer to the new struct key_restriction. The structure contains pointers to the restriction function as well as relevant data for evaluating the restriction. The garbage collector checks restrict_link->keytype when key types are unregistered. Restrictions involving a removed key type are converted to use restrict_link_reject so that restrictions cannot be removed by unregistering key types. Signed-off-by: Mat Martineau