summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorKairui Song <kasong@redhat.com>2019-01-21 10:59:28 +0100
committerMimi Zohar <zohar@linux.ibm.com>2019-02-04 23:29:19 +0100
commit219a3e8676f3132d27b530c7d2d6bcab89536b57 (patch)
treea79baecc80144b604d059a6828057210c7a06b9e /include
parentLSM: SafeSetID: remove unused include (diff)
downloadlinux-219a3e8676f3132d27b530c7d2d6bcab89536b57.tar.xz
linux-219a3e8676f3132d27b530c7d2d6bcab89536b57.zip
integrity, KEYS: add a reference to platform keyring
commit 9dc92c45177a ("integrity: Define a trusted platform keyring") introduced a .platform keyring for storing preboot keys, used for verifying kernel image signatures. Currently only IMA-appraisal is able to use the keyring to verify kernel images that have their signature stored in xattr. This patch exposes the .platform keyring, making it accessible for verifying PE signed kernel images as well. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Kairui Song <kasong@redhat.com> Cc: David Howells <dhowells@redhat.com> [zohar@linux.ibm.com: fixed checkpatch errors, squashed with patch fix] Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'include')
-rw-r--r--include/keys/system_keyring.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 359c2f936004..42a93eda331c 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -61,5 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
+#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
+ defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
+extern void __init set_platform_trusted_keys(struct key *keyring);
+#else
+static inline void set_platform_trusted_keys(struct key *keyring)
+{
+}
+#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */