integrity: Load certs to the platform keyring

	keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),

				    KGIDT_INIT(0), cred, perm,

				    KEY_ALLOC_NOT_IN_QUOTA,

				    restriction, NULL);

				    KEY_ALLOC_NOT_IN_QUOTA, restriction, NULL);

	if (IS_ERR(keyring[id])) {

		err = PTR_ERR(keyring[id]);

		pr_info("Can't allocate %s keyring (%d)\n",

	return __integrity_init_keyring(id, perm, restriction);

}

int __init integrity_load_x509(const unsigned int id, const char *path)

int __init integrity_add_key(const unsigned int id, const void *data,

			     off_t size, key_perm_t perm)

{

	key_ref_t key;

	void *data;

	loff_t size;

	int rc;

	int rc = 0;

	if (!keyring[id])

		return -EINVAL;

	key = key_create_or_update(make_key_ref(keyring[id], 1), "asymmetric",

				   NULL, data, size, perm,

				   KEY_ALLOC_NOT_IN_QUOTA);

	if (IS_ERR(key)) {

		rc = PTR_ERR(key);

		pr_err("Problem loading X.509 certificate %d\n", rc);

	} else {

		pr_notice("Loaded X.509 cert '%s'\n",

			  key_ref_to_ptr(key)->description);

		key_ref_put(key);

	}

	return rc;

}

int __init integrity_load_x509(const unsigned int id, const char *path)

{

	void *data;

	loff_t size;

	int rc;

	key_perm_t perm;

	rc = kernel_read_file_from_path(path, &data, &size, 0,

					READING_X509_CERTIFICATE);

	if (rc < 0) {

		return rc;

	}

	key = key_create_or_update(make_key_ref(keyring[id], 1),

				   "asymmetric",

				   NULL,

				   data,

				   size,

				   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |

				    KEY_USR_VIEW | KEY_USR_READ),

				   KEY_ALLOC_NOT_IN_QUOTA);

	if (IS_ERR(key)) {

		rc = PTR_ERR(key);

		pr_err("Problem loading X.509 certificate (%d): %s\n",

		       rc, path);

	} else {

		pr_notice("Loaded X.509 cert '%s': %s\n",

			  key_ref_to_ptr(key)->description, path);

		key_ref_put(key);

	}

	perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ;

	pr_info("Loading X.509 certificate: %s\n", path);

	rc = integrity_add_key(id, (const void *)data, size, perm);

	vfree(data);

	return 0;

	return rc;

}

int __init integrity_load_cert(const unsigned int id, const char *source,

			       const void *data, size_t len, key_perm_t perm)

{

	if (!data)

		return -EINVAL;

	pr_info("Loading X.509 certificate: %s\n", source);

	return integrity_add_key(id, data, len, perm);

}

int __init integrity_init_keyring(const unsigned int id);

int __init integrity_load_x509(const unsigned int id, const char *path);

int __init integrity_load_cert(const unsigned int id, const char *source,

			       const void *data, size_t len, key_perm_t perm);

#else

static inline int integrity_digsig_verify(const unsigned int id,

{

	return 0;

}

static inline int __init integrity_load_cert(const unsigned int id,

					     const char *source,

					     const void *data, size_t len,

					     key_perm_t perm)

{

	return 0;

}

#endif /* CONFIG_INTEGRITY_SIGNATURE */

#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS

}

#endif

#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING

void __init add_to_platform_keyring(const char *source, const void *data,

				    size_t len);

#else

static inline void __init add_to_platform_keyring(const char *source,

						  const void *data, size_t len)

{

}

#endif

#include <linux/slab.h>

#include "../integrity.h"

/**

 * add_to_platform_keyring - Add to platform keyring without validation.

 * @source: Source of key

 * @data: The blob holding the key

 * @len: The length of the data blob

 *

 * Add a key to the platform keyring without checking its trust chain.  This

 * is available only during kernel initialisation.

 */

void __init add_to_platform_keyring(const char *source, const void *data,

				    size_t len)

{

	key_perm_t perm;

	int rc;

	perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;

	rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,

				 perm);

	if (rc)

		pr_info("Error adding keys to platform keyring %s\n", source);

}

/*

 * Create the trusted keyrings.

 */