diff options
| author | James Morris <james.morris@microsoft.com> | 2019-02-14 10:55:42 -0800 |
|---|---|---|
| committer | James Morris <james.morris@microsoft.com> | 2019-02-14 10:55:42 -0800 |
| commit | 2e884fc9759d8816630d3c30694721a39b7396e0 (patch) | |
| tree | 83c213634f69eec583f1d4ca7234e78ccf367435 /include/keys | |
| parent | e7a44cfd639945a0dec749f896adc1d340c2a6aa (diff) | |
| parent | e7fde070f39bc058c356cf366cb17ac2d643abb0 (diff) | |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity
From: Mimi Zohar <zohar@linux.ibm.com>
Linux 5.0 introduced the platform keyring to allow verifying the IMA
kexec kernel image signature using the pre-boot keys. This pull
request similarly makes keys on the platform keyring accessible for
verifying the PE kernel image signature.*
Also included in this pull request is a new IMA hook that tags tmp
files, in policy, indicating the file hash needs to be calculated.
The remaining patches are cleanup.
*Upstream commit "993a110319a4 (x86/kexec: Fix a kexec_file_load()
failure)" is required for testing.
Diffstat (limited to 'include/keys')
| -rw-r--r-- | include/keys/system_keyring.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index 359c2f936004..42a93eda331c 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h @@ -61,5 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void) } #endif /* CONFIG_IMA_BLACKLIST_KEYRING */ +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \ + defined(CONFIG_SYSTEM_TRUSTED_KEYRING) +extern void __init set_platform_trusted_keys(struct key *keyring); +#else +static inline void set_platform_trusted_keys(struct key *keyring) +{ +} +#endif #endif /* _KEYS_SYSTEM_KEYRING_H */ |