From 9f3d191fcee01849c00fc99162b72a9292df5272 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Tue, 23 Jul 2013 15:22:45 -0400
Subject: [PATCH] Load kernel module signing keys before we start doing any real work.

This loads kernel module signing keys, so that we can verify signed modules in secure boot mode.

Signed-off-by: Peter Jones
---
modules.d/03modsign/load-modsign-keys.sh | 13 +++++++++++
modules.d/03modsign/module-setup.sh | 28 ++++++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 modules.d/03modsign/load-modsign-keys.sh
create mode 100644 modules.d/03modsign/module-setup.sh
diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh
new file mode 100644
index 00000000..de2a1e9b
--- /dev/null
+++ b/modules.d/03modsign/load-modsign-keys.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones
+
+for x in /lib/modules/keys/* ; do
+ [ "${x}" = "/lib/modules/keys/*" ] && break
+ keyctl padd asymmetric "" @s < ${x}
+done
diff --git a/modules.d/03modsign/module-setup.sh b/modules.d/03modsign/module-setup.sh
new file mode 100644
index 00000000..8831ad54
--- /dev/null
+++ b/modules.d/03modsign/module-setup.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones
+
+check() {
+ [ -x /usr/bin/keyctl ] || return 1
+ return 0
+}
+
+depends() {
+ return 0
+}
+
+install() {
+ inst_dir /lib/modules/keys
+ inst_binary /usr/bin/keyctl
+
+ inst_hook initqueue/pre-trigger 01 "$moddir/load-modsign-keys.sh"
+ for x in /lib/modules/keys/* ; do
+ [ "${x}" = "/lib/modules/keys/*" ] && break
+ inst_simple ${x}
+ done
+}
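Review bot: In load-modsign-keys.sh the `keyctl padd` line ignores its exit status and leaves `${x}` unquoted, so a key that fails to parse or load is skipped silently. A later signed-module verification failure then has nothing in the boot log pointing back to the missing key. I would write `keyctl padd asymmetric "" @s < "${x}" || echo "modsign: failed to load key ${x}" >&2`. A short comment saying why the session keyring `@s` is the target would also help, since nothing in this hunk shows that it is the keyring consulted when modules are verified.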
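Review bot: In module-setup.sh the loop in `install()` copies every entry under the host's /lib/modules/keys into the image with no check on what it is, and the boot-time hook then loads each one as a key. Whoever can write to that directory can therefore add a trusted module-signing key at the next initramfs rebuild. I would restrict the loop to regular files and quote the expansion: `[ -f "${x}" ] || continue` followed by `inst_simple "${x}"`, which also covers the unmatched-glob case. A comment above the loop should state that the directory must be root-owned and not writable by others. Separately, `check()` returns 0 whenever keyctl exists, so the module is pulled in even on hosts that have no keys to load; if that is intended, say so in a comment.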