summaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
authorEric Snowberg <eric.snowberg@oracle.com>2022-01-26 03:58:30 +0100
committerJarkko Sakkinen <jarkko@kernel.org>2022-03-08 12:55:52 +0100
commit56edb6c25f11f25df153f4804f2d5bced2b49a9e (patch)
tree385a1e2f53f72f4c4ba2a198dcc8db85b1775784 /certs
parentintegrity: add new keyring handler for mok keys (diff)
downloadlinux-56edb6c25f11f25df153f4804f2d5bced2b49a9e.tar.xz
linux-56edb6c25f11f25df153f4804f2d5bced2b49a9e.zip
KEYS: store reference to machine keyring
Expose the .machine keyring created in integrity code by adding a reference. Store a reference to the machine keyring in system keyring code. The system keyring code needs this to complete the keyring link to the machine keyring. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'certs')
-rw-r--r--certs/system_keyring.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 692365dee2bd..08ea542c8096 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -22,6 +22,9 @@ static struct key *builtin_trusted_keys;
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
static struct key *secondary_trusted_keys;
#endif
+#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
+static struct key *machine_trusted_keys;
+#endif
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
static struct key *platform_trusted_keys;
#endif
@@ -91,6 +94,12 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void
return restriction;
}
#endif
+#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
+void __init set_machine_trusted_keys(struct key *keyring)
+{
+ machine_trusted_keys = keyring;
+}
+#endif
/*
* Create the trusted keyrings