diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-05-02 00:32:18 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-05-02 00:32:18 +0200 |
commit | e6f0bf09f0669b3c2cd77fa906830123279a0a21 (patch) | |
tree | 57aed6ff25d40e31f129b934403c7fac7a8cc8c8 /include | |
parent | Merge tag 'perf-tools-for-v5.13-2021-04-29' of git://git.kernel.org/pub/scm/l... (diff) | |
parent | ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies (diff) | |
download | linux-e6f0bf09f0669b3c2cd77fa906830123279a0a21.tar.xz linux-e6f0bf09f0669b3c2cd77fa906830123279a0a21.zip |
Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull IMA updates from Mimi Zohar:
"In addition to loading the kernel module signing key onto the builtin
keyring, load it onto the IMA keyring as well.
Also six trivial changes and bug fixes"
* tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies
ima: Fix fall-through warnings for Clang
integrity: Add declarations to init_once void arguments.
ima: Fix function name error in comment.
ima: enable loading of build time generated key on .ima keyring
ima: enable signing of modules with build time generated key
keys: cleanup build time module signing keys
ima: Fix the error code for restoring the PCR value
ima: without an IMA policy loaded, return quickly
Diffstat (limited to 'include')
-rw-r--r-- | include/keys/system_keyring.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index 875e002a4180..6acd3cf13a18 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h @@ -16,9 +16,16 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring, const struct key_type *type, const union key_payload *payload, struct key *restriction_key); +extern __init int load_module_cert(struct key *keyring); #else #define restrict_link_by_builtin_trusted restrict_link_reject + +static inline __init int load_module_cert(struct key *keyring) +{ + return 0; +} + #endif #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING |