Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/* System keyring containing trusted public keys.
3 *
4 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#ifndef _KEYS_SYSTEM_KEYRING_H
9#define _KEYS_SYSTEM_KEYRING_H
10
11#include <linux/key.h>
12
13#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
14
15extern int restrict_link_by_builtin_trusted(struct key *keyring,
16 const struct key_type *type,
17 const union key_payload *payload,
18 struct key *restriction_key);
19
20#else
21#define restrict_link_by_builtin_trusted restrict_link_reject
22#endif
23
24#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
25extern int restrict_link_by_builtin_and_secondary_trusted(
26 struct key *keyring,
27 const struct key_type *type,
28 const union key_payload *payload,
29 struct key *restriction_key);
30#else
31#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
32#endif
33
34#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
35extern int mark_hash_blacklisted(const char *hash);
36extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
37 const char *type);
38#else
39static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
40 const char *type)
41{
42 return 0;
43}
44#endif
45
46#ifdef CONFIG_IMA_BLACKLIST_KEYRING
47extern struct key *ima_blacklist_keyring;
48
49static inline struct key *get_ima_blacklist_keyring(void)
50{
51 return ima_blacklist_keyring;
52}
53#else
54static inline struct key *get_ima_blacklist_keyring(void)
55{
56 return NULL;
57}
58#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
59
60#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
61 defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
62extern void __init set_platform_trusted_keys(struct key *keyring);
63#else
64static inline void set_platform_trusted_keys(struct key *keyring)
65{
66}
67#endif
68
69#endif /* _KEYS_SYSTEM_KEYRING_H */