security/integrity/platform_certs/load_powerpc.c
Source file repositories/reference/linux-study-clean/security/integrity/platform_certs/load_powerpc.c
File Facts
- System
- Linux kernel
- Corpus path
security/integrity/platform_certs/load_powerpc.c- Extension
.c- Size
- 4122 bytes
- Lines
- 161
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
Dependency Surface
linux/kernel.hlinux/sched.hlinux/cred.hlinux/err.hlinux/slab.hasm/secure_boot.hasm/secvar.hkeyring_handler.h../integrity.h
Detected Declarations
function load_powerpc_certsfunction strcmp
Annotated Snippet
strcmp("ibm,plpks-sb-v0", buf)) {
pr_err("Unsupported secvar implementation \"%s\", not loading certs\n", buf);
return -ENODEV;
}
if (strcmp("ibm,plpks-sb-v1", buf) == 0 || strcmp("ibm,plpks-sb-v0", buf) == 0)
/* PLPKS authenticated variables ESL data is prefixed with 8 bytes of timestamp */
offset = 8;
/*
* Get db, and dbx. They might not exist, so it isn't an error if we
* can't get them.
*/
data = get_cert_list("db", 3, &dsize);
if (!data) {
pr_info("Couldn't get db list from firmware\n");
} else if (IS_ERR(data)) {
rc = PTR_ERR(data);
pr_err("Error reading db from firmware: %d\n", rc);
return rc;
} else {
extract_esl(db, data, dsize, offset);
rc = parse_efi_signature_list("powerpc:db", db, dsize,
get_handler_for_db);
if (rc)
pr_err("Couldn't parse db signatures: %d\n", rc);
kfree(data);
}
data = get_cert_list("dbx", 4, &dsize);
if (!data) {
pr_info("Couldn't get dbx list from firmware\n");
} else if (IS_ERR(data)) {
rc = PTR_ERR(data);
pr_err("Error reading dbx from firmware: %d\n", rc);
return rc;
} else {
extract_esl(dbx, data, dsize, offset);
rc = parse_efi_signature_list("powerpc:dbx", dbx, dsize,
get_handler_for_dbx);
if (rc)
pr_err("Couldn't parse dbx signatures: %d\n", rc);
kfree(data);
}
data = get_cert_list("trustedcadb", 12, &dsize);
if (!data) {
pr_info("Couldn't get trustedcadb list from firmware\n");
} else if (IS_ERR(data)) {
rc = PTR_ERR(data);
pr_err("Error reading trustedcadb from firmware: %d\n", rc);
} else {
extract_esl(trustedca, data, dsize, offset);
rc = parse_efi_signature_list("powerpc:trustedca", trustedca, dsize,
get_handler_for_ca_keys);
if (rc)
pr_err("Couldn't parse trustedcadb signatures: %d\n", rc);
kfree(data);
}
data = get_cert_list("moduledb", 9, &dsize);
if (!data) {
pr_info("Couldn't get moduledb list from firmware\n");
} else if (IS_ERR(data)) {
rc = PTR_ERR(data);
pr_err("Error reading moduledb from firmware: %d\n", rc);
} else {
extract_esl(moduledb, data, dsize, offset);
rc = parse_efi_signature_list("powerpc:moduledb", moduledb, dsize,
get_handler_for_code_signing_keys);
if (rc)
pr_err("Couldn't parse moduledb signatures: %d\n", rc);
kfree(data);
}
return rc;
}
late_initcall(load_powerpc_certs);
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/sched.h`, `linux/cred.h`, `linux/err.h`, `linux/slab.h`, `asm/secure_boot.h`, `asm/secvar.h`, `keyring_handler.h`.
- Detected declarations: `function load_powerpc_certs`, `function strcmp`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.