From: Peter Jones <pjones@redhat.com>
Date: Tue, 23 Jul 2013 19:22:45 +0000 (-0400)
Subject: Load kernel module signing keys before we start doing any real work.
X-Git-Tag: 031~35
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f3d191fcee01849c00fc99162b72a9292df5272;p=thirdparty%2Fdracut.git

Load kernel module signing keys before we start doing any real work.

This loads kernel module signing keys, so that we can verify signed
modules in secure boot mode.

Signed-off-by: Peter Jones <pjones@redhat.com>
---

diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh
new file mode 100644
index 000000000..de2a1e9ba
--- /dev/null
+++ b/modules.d/03modsign/load-modsign-keys.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones <pjones@redhat.com>
+
+for x in /lib/modules/keys/* ; do
+    [ "${x}" = "/lib/modules/keys/*" ] && break
+    keyctl padd asymmetric "" @s < ${x}
+done
diff --git a/modules.d/03modsign/module-setup.sh b/modules.d/03modsign/module-setup.sh
new file mode 100644
index 000000000..8831ad548
--- /dev/null
+++ b/modules.d/03modsign/module-setup.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones <pjones@redhat.com>
+
+check() {
+    [ -x /usr/bin/keyctl ] || return 1
+    return 0
+}
+
+depends() {
+    return 0
+}
+
+install() {
+    inst_dir /lib/modules/keys
+    inst_binary /usr/bin/keyctl
+
+    inst_hook initqueue/pre-trigger 01 "$moddir/load-modsign-keys.sh"
+    for x in /lib/modules/keys/* ; do
+        [ "${x}" = "/lib/modules/keys/*" ] && break
+        inst_simple ${x}
+    done
+}