diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-08-13 14:47:43 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-11-01 01:20:48 +0100 |
commit | 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241 (patch) | |
tree | 3a8a39da527431153698fc73640db47e8a1bd43a /security/integrity/integrity.h | |
parent | ima: extend the measurement list to include the file signature (diff) | |
download | linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.tar.xz linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.zip |
ima: define '_ima' as a builtin 'trusted' keyring
Require all keys added to the IMA keyring be signed by an
existing trusted key on the system trusted keyring.
Changelog:
- define stub integrity_init_keyring() function (reported-by Fengguang Wu)
- differentiate between regular and trusted keyring names.
- replace printk with pr_info (D. Kasatkin)
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r-- | security/integrity/integrity.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 2fb5e53e927f..b9e7c133734a 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -137,12 +137,19 @@ static inline int integrity_digsig_verify(const unsigned int id, #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS int asymmetric_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen); + +int integrity_init_keyring(const unsigned int id); #else static inline int asymmetric_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen) { return -EOPNOTSUPP; } + +static int integrity_init_keyring(const unsigned int id) +{ + return 0; +} #endif #ifdef CONFIG_INTEGRITY_AUDIT |