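/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/key.h>

/*
 * Forward declaration only.  This header hands struct pkcs7_message around
 * by pointer and never looks inside it, so the incomplete type is enough;
 * declaring a phantom "extern struct pkcs7_message *pkcs7" global (which no
 * translation unit defines) just to pull the tag into scope is the wrong tool.
 */
struct pkcs7_message;

#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

/*
 * Keyring link restriction: permit a key to be linked into @keyring only if
 * it is vouched for by the builtin trusted keyring.  Returns 0 to allow the
 * link, negative errno to refuse it.
 */
extern int restrict_link_by_builtin_trusted(struct key *keyring,
					    const struct key_type *type,
					    const union key_payload *payload,
					    struct key *restriction_key);

#else
/*
 * With no builtin trusted keyring there is nothing that can vouch for a key,
 * so the restriction falls back to restrict_link_reject: link attempts are
 * refused rather than silently allowed (fail-closed).
 */
#define restrict_link_by_builtin_trusted restrict_link_reject
#endif

#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
/*
 * As restrict_link_by_builtin_trusted(), but a key vouched for by the
 * secondary trusted keyring is accepted as well.
 */
extern int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else
/* No secondary keyring: only the builtin keyring can vouch for a key. */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif

#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
/*
 * mark_hash_blacklisted - add a hash to the blacklist keyring.
 * @hash: hash as a NUL-terminated string.
 *
 * Has no !CONFIG stub below, so callers must themselves be compiled only
 * when the blacklist keyring is enabled.
 */
extern int mark_hash_blacklisted(const char *hash);

/*
 * is_hash_blacklisted - check whether a hash is on the blacklist keyring.
 * @hash: raw hash bytes.
 * @hash_len: number of bytes in @hash.
 * @type: string selecting which kind of hash is being checked — see the
 *	  implementation for the accepted values.
 *
 * Return: 0 if not blacklisted, otherwise an error code.
 */
extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			       const char *type);

/* is_binary_blacklisted - as is_hash_blacklisted() for a binary's hash. */
extern int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else
/*
 * Stubs for when no blacklist keyring is configured: nothing is ever
 * reported as blacklisted.
 */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif

#ifdef CONFIG_SYSTEM_REVOCATION_LIST
/*
 * add_key_to_revocation_list - add a certificate to the revocation list.
 * @data: the certificate data.
 * @size: number of bytes at @data.
 *
 * Return: 0 on success, negative errno on failure.
 */
extern int add_key_to_revocation_list(const char *data, size_t size);

/*
 * is_key_on_revocation_list - check whether the signer of a PKCS#7 message
 * has been revoked.
 * @pkcs7: the verified PKCS#7 message.
 *
 * Return: -ENOKEY when the key is not on the revocation list (the normal,
 * non-revoked case); other values indicate revocation or an error.
 */
extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else
/* No revocation list: additions are accepted as a no-op. */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}

/*
 * No revocation list: every key is reported as not revoked.  -ENOKEY is the
 * "not on the list" result, not a failure, so callers must not treat it as
 * an error that blocks verification.
 */
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif

#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

/* Return the IMA blacklist keyring (not reference-counted by this helper). */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else
/* No IMA blacklist keyring configured. */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
/*
 * set_platform_trusted_keys - register the platform keyring with the
 * system keyring code.  __init: may only be called during boot.
 */
extern void __init set_platform_trusted_keys(struct key *keyring);
#else
/* Without both keyrings there is nothing to register. */
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */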