KEYS: store reference to machine keyring

Expose the .machine keyring created in integrity code by adding a reference. Store a reference to the machine keyring in system keyring code. The system keyring code needs this to complete the keyring link to the machine keyring. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
author: Eric Snowberg <eric.snowberg@oracle.com> 2022-01-25 21:58:30 -0500
committer: Jarkko Sakkinen <jarkko@kernel.org> 2022-03-08 13:55:52 +0200
commit: 56edb6c25f11f25df153f4804f2d5bced2b49a9e (patch)
tree: 385a1e2f53f72f4c4ba2a198dcc8db85b1775784 /include/keys
parent: 45fcd5e521cd0903bab05f59ad013c5d150f4e3b (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 6acd3cf13a18..98c9b10cdc17 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -38,6 +38,14 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
 #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
 #endif
 
+#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
+extern void __init set_machine_trusted_keys(struct key *keyring);
+#else
+static inline void __init set_machine_trusted_keys(struct key *keyring)
+{
+}
+#endif
+
 extern struct pkcs7_message *pkcs7;
 #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 extern int mark_hash_blacklisted(const char *hash);
author	Eric Snowberg <eric.snowberg@oracle.com>	2022-01-25 21:58:30 -0500
committer	Jarkko Sakkinen <jarkko@kernel.org>	2022-03-08 13:55:52 +0200
commit	56edb6c25f11f25df153f4804f2d5bced2b49a9e (patch)
tree	385a1e2f53f72f4c4ba2a198dcc8db85b1775784 /include/keys
parent	45fcd5e521cd0903bab05f59ad013c5d150f4e3b (diff)