diff options
author | Dmitry Kasatkin <dmitry.kasatkin@huawei.com> | 2015-10-22 20:26:32 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-12-15 14:53:36 +0100 |
commit | 7626676320f398980a6bb4490fd58e924c888f6a (patch) | |
tree | bb852548419b70be34dc7f32765d70bd94cd8bbb /include | |
parent | evm: enable EVM when X509 certificate is loaded (diff) | |
download | linux-7626676320f398980a6bb4490fd58e924c888f6a.tar.xz linux-7626676320f398980a6bb4490fd58e924c888f6a.zip |
evm: provide a function to set the EVM key from the kernel
A crypto HW kernel module can possibly initialize the EVM key from the
kernel __init code to enable EVM before calling the 'init' process.
This patch provides a function evm_set_key() to set the EVM key
directly without using the KEY subsystem.
Changes in v4:
* kernel-doc style for evm_set_key
Changes in v3:
* error reporting moved to evm_set_key
* EVM_INIT_HMAC moved to evm_set_key
* added bitop to prevent key setting race
Changes in v2:
* use size_t for key size instead of signed int
* provide EVM_MAX_KEY_SIZE macro in <linux/evm.h>
* provide EVM_MIN_KEY_SIZE macro in <linux/evm.h>
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/evm.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/evm.h b/include/linux/evm.h index 1fcb88ca88de..35ed9a8a403a 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -14,6 +14,7 @@ struct integrity_iint_cache; #ifdef CONFIG_EVM +extern int evm_set_key(void *key, size_t keylen); extern enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, void *xattr_value, @@ -42,6 +43,12 @@ static inline int posix_xattr_acl(const char *xattrname) } #endif #else + +static inline int evm_set_key(void *key, size_t keylen) +{ + return -EOPNOTSUPP; +} + #ifdef CONFIG_INTEGRITY static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, |