/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

/*
 * Every facility below is gated on a CONFIG_* option.  When an option is off,
 * the header substitutes a macro alias or an inline stub so callers compile
 * unchanged.  The per-section comments state what each fallback does, because
 * the fallbacks decide whether a disabled feature fails closed or fails open.
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/key.h>

/*
 * Link-restriction callback tied to the built-in trusted keys.
 *
 * Without CONFIG_SYSTEM_TRUSTED_KEYRING the name is a macro alias for
 * restrict_link_reject, which is not declared in this header.
 * NOTE(review): by its name that fallback refuses every link (fail closed);
 * confirm against its definition.
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

extern int restrict_link_by_builtin_trusted(struct key *keyring,
					    const struct key_type *type,
					    const union key_payload *payload,
					    struct key *restriction_key);

#else
#define restrict_link_by_builtin_trusted restrict_link_reject
#endif

/*
 * Same callback signature, covering the secondary trusted keyring as well.
 *
 * Without CONFIG_SECONDARY_TRUSTED_KEYRING the name aliases
 * restrict_link_by_builtin_trusted, so the restriction falls back to the
 * built-in-only variant above (which may itself be the reject alias).
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
extern int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif

/*
 * Hash blacklist interface.
 *
 * Without CONFIG_SYSTEM_BLACKLIST_KEYRING both lookup stubs return 0
 * unconditionally and ignore their arguments.
 * NOTE(review): 0 is presumably also the "not blacklisted" result of the real
 * functions, so a caller cannot tell "not listed" from "blacklist support not
 * built in"; a configuration that depends on revocation needs this option
 * enabled.  Confirm the real return convention at the definitions.
 * NOTE(review): mark_hash_blacklisted() has no stub in the #else branch, so
 * its callers must only be built when the option is enabled.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
extern int mark_hash_blacklisted(const char *hash);
extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			       const char *type);
extern int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else
/* Stub: blacklist support compiled out, always reports 0. */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

/* Stub: blacklist support compiled out, always reports 0. */
static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif

/*
 * Accessor for the IMA blacklist keyring.
 *
 * With CONFIG_IMA_BLACKLIST_KEYRING it returns the ima_blacklist_keyring
 * global (defined outside this header); without it, it returns NULL, so
 * callers have to handle a NULL keyring.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

/*
 * Registration hook for the platform keyring.
 *
 * The real function (marked __init) exists only when both
 * CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_SYSTEM_TRUSTED_KEYRING are set.
 * Otherwise the stub below has an empty body and the keyring passed in is
 * ignored.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
extern void __init set_platform_trusted_keys(struct key *keyring);
#else
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */