/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/key.h>

/*
 * Builtin trusted keyring.
 *
 * With CONFIG_SYSTEM_TRUSTED_KEYRING unset, restrict_link_by_builtin_trusted
 * is an alias for restrict_link_reject, so the restriction hook is replaced
 * rather than removed.  restrict_link_reject is not defined in this header;
 * by its name it refuses every link request (confirm against its definition).
 * The load_module_cert() stub reports success (0) without loading anything.
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     const union key_payload *payload,
				     struct key *restriction_key);
__init int load_module_cert(struct key *keyring);

#else /* !CONFIG_SYSTEM_TRUSTED_KEYRING */
#define restrict_link_by_builtin_trusted restrict_link_reject

static inline __init int load_module_cert(struct key *keyring)
{
	return 0;
}

#endif /* CONFIG_SYSTEM_TRUSTED_KEYRING */

/*
 * Builtin plus secondary trusted keyring.
 *
 * With CONFIG_SECONDARY_TRUSTED_KEYRING unset, this name resolves to the
 * builtin-only restriction above.  With CONFIG_SYSTEM_TRUSTED_KEYRING unset
 * as well, the two macros chain and it ends up at restrict_link_reject.
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
int restrict_link_by_builtin_and_secondary_trusted(
	struct key *keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restriction_key);
#else /* !CONFIG_SECONDARY_TRUSTED_KEYRING */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */

/*
 * Machine keyring registration.  The stub has an empty body, so the call is
 * a no-op when CONFIG_INTEGRITY_MACHINE_KEYRING is unset.
 */
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
void __init set_machine_trusted_keys(struct key *keyring);
#else /* !CONFIG_INTEGRITY_MACHINE_KEYRING */
static inline void __init set_machine_trusted_keys(struct key *keyring)
{
}
#endif /* CONFIG_INTEGRITY_MACHINE_KEYRING */

/*
 * Declares a global pointer named pkcs7 and, as a side effect, introduces
 * struct pkcs7_message at file scope before the prototypes below use it.
 * NOTE(review): no definition of this variable is visible in this header;
 * confirm one exists, or whether only the struct declaration was intended.
 */
extern struct pkcs7_message *pkcs7;

/*
 * Hash blacklist.
 *
 * mark_hash_blacklisted() is declared only when
 * CONFIG_SYSTEM_BLACKLIST_KEYRING is set; the #else branch provides no stub,
 * so its callers have to be built under the same option.
 *
 * NOTE(review): both lookup stubs return 0 for every input.  If callers read
 * 0 as "not blacklisted", a kernel built without this option lets every hash
 * through these checks - confirm against the callers.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
int mark_hash_blacklisted(const char *hash);
int is_hash_blacklisted(const u8 *hash, size_t hash_len,
			const char *type);
int is_binary_blacklisted(const u8 *hash, size_t hash_len);
#else /* !CONFIG_SYSTEM_BLACKLIST_KEYRING */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}

static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
{
	return 0;
}
#endif /* CONFIG_SYSTEM_BLACKLIST_KEYRING */

/*
 * Key revocation list.
 *
 * With CONFIG_SYSTEM_REVOCATION_LIST unset, add_key_to_revocation_list()
 * returns 0 although nothing is recorded, and is_key_on_revocation_list()
 * always returns -ENOKEY.
 *
 * NOTE(review): -ENOKEY presumably means "no revoked key matched"; if so,
 * revocation is never enforced in such a build - confirm against the callers.
 * ENOKEY is not defined by anything included directly here; it presumably
 * arrives through <linux/key.h> - TODO confirm.
 */
#ifdef CONFIG_SYSTEM_REVOCATION_LIST
int add_key_to_revocation_list(const char *data, size_t size);
int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
#else /* !CONFIG_SYSTEM_REVOCATION_LIST */
static inline int add_key_to_revocation_list(const char *data, size_t size)
{
	return 0;
}
static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
{
	return -ENOKEY;
}
#endif /* CONFIG_SYSTEM_REVOCATION_LIST */

/*
 * IMA blacklist keyring accessor.  Returns the ima_blacklist_keyring global
 * when CONFIG_IMA_BLACKLIST_KEYRING is set and NULL otherwise, so callers
 * must be prepared for a NULL keyring.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else /* !CONFIG_IMA_BLACKLIST_KEYRING */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

/*
 * Platform keyring registration.  The real function is declared only when
 * both CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_SYSTEM_TRUSTED_KEYRING
 * are set; in every other configuration the call is an empty no-op.
 * NOTE(review): unlike the set_machine_trusted_keys() stub, this stub carries
 * no __init annotation - confirm whether that difference is intended.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
void __init set_platform_trusted_keys(struct key *keyring);
#else
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */