Skip to content
Navigation Menu
Toggle navigation
Sign in
In this repository
All GitHub Enterprise
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub Enterprise
↵
Jump to
↵
In this organization
All GitHub Enterprise
↵
Jump to
↵
In this repository
All GitHub Enterprise
↵
Jump to
↵
Sign in
Reseting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
mariux64
/
linux
Public
Notifications
You must be signed in to change notification settings
Fork
0
Star
0
Code
Issues
1
Pull requests
0
Actions
Projects
0
Wiki
Security
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights
Files
087aa4e
Documentation
LICENSES
arch
block
certs
crypto
drivers
fs
include
acpi
asm-generic
clocksource
crypto
drm
dt-bindings
keys
asymmetric-parser.h
asymmetric-subtype.h
asymmetric-type.h
big_key-type.h
ceph-type.h
dns_resolver-type.h
encrypted-type.h
keyring-type.h
request_key_auth-type.h
rxrpc-type.h
system_keyring.h
trusted-type.h
trusted_tee.h
trusted_tpm.h
user-type.h
kunit
kvm
linux
math-emu
media
memory
misc
net
pcmcia
ras
rdma
scsi
soc
sound
target
trace
uapi
vdso
video
xen
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
Breadcrumbs
linux
/
include
/
keys
/
system_keyring.h
Blame
Blame
Latest commit
History
History
111 lines (95 loc) · 2.9 KB
Breadcrumbs
linux
/
include
/
keys
/
system_keyring.h
Top
File metadata and controls
Code
Blame
111 lines (95 loc) · 2.9 KB
Raw
/* SPDX-License-Identifier: GPL-2.0-or-later */ /* System keyring containing trusted public keys. * * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) */ #ifndef _KEYS_SYSTEM_KEYRING_H #define _KEYS_SYSTEM_KEYRING_H #include <linux/key.h> #ifdef CONFIG_SYSTEM_TRUSTED_KEYRING extern int restrict_link_by_builtin_trusted(struct key *keyring, const struct key_type *type, const union key_payload *payload, struct key *restriction_key); extern __init int load_module_cert(struct key *keyring); #else #define restrict_link_by_builtin_trusted restrict_link_reject static inline __init int load_module_cert(struct key *keyring) { return 0; } #endif #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING extern int restrict_link_by_builtin_and_secondary_trusted( struct key *keyring, const struct key_type *type, const union key_payload *payload, struct key *restriction_key); #else #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted #endif #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING extern int restrict_link_by_builtin_secondary_and_machine( struct key *dest_keyring, const struct key_type *type, const union key_payload *payload, struct key *restrict_key); extern void __init set_machine_trusted_keys(struct key *keyring); #else #define restrict_link_by_builtin_secondary_and_machine restrict_link_by_builtin_trusted static inline void __init set_machine_trusted_keys(struct key *keyring) { } #endif extern struct pkcs7_message *pkcs7; #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING extern int mark_hash_blacklisted(const char *hash); extern int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type); extern int is_binary_blacklisted(const u8 *hash, size_t hash_len); #else static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type) { return 0; } static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len) { return 0; } #endif #ifdef CONFIG_SYSTEM_REVOCATION_LIST extern int add_key_to_revocation_list(const char *data, size_t size); extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7); #else static inline int add_key_to_revocation_list(const char *data, size_t size) { return 0; } static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7) { return -ENOKEY; } #endif #ifdef CONFIG_IMA_BLACKLIST_KEYRING extern struct key *ima_blacklist_keyring; static inline struct key *get_ima_blacklist_keyring(void) { return ima_blacklist_keyring; } #else static inline struct key *get_ima_blacklist_keyring(void) { return NULL; } #endif /* CONFIG_IMA_BLACKLIST_KEYRING */ #if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \ defined(CONFIG_SYSTEM_TRUSTED_KEYRING) extern void __init set_platform_trusted_keys(struct key *keyring); #else static inline void set_platform_trusted_keys(struct key *keyring) { } #endif #endif /* _KEYS_SYSTEM_KEYRING_H */
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
You can’t perform that action at this time.