/* SPDX-License-Identifier: GPL-2.0-or-later */
/* System keyring containing trusted public keys.
 *
 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#ifndef _KEYS_SYSTEM_KEYRING_H
#define _KEYS_SYSTEM_KEYRING_H

#include <linux/key.h>

/*
 * Link restriction for the built-in trusted keyring.
 *
 * Without CONFIG_SYSTEM_TRUSTED_KEYRING the name is an alias for
 * restrict_link_reject, which is declared outside this header.
 * NOTE(review): going by its name, that fallback refuses every link, so a
 * kernel built without the trusted keyring fails closed here - confirm
 * against the definition of restrict_link_reject.
 */
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING

int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     const union key_payload *payload,
				     struct key *restriction_key);

#else /* !CONFIG_SYSTEM_TRUSTED_KEYRING */
#define restrict_link_by_builtin_trusted restrict_link_reject
#endif /* CONFIG_SYSTEM_TRUSTED_KEYRING */

/*
 * Link restriction covering the built-in and the secondary trusted keyring.
 *
 * Without CONFIG_SECONDARY_TRUSTED_KEYRING the name resolves to
 * restrict_link_by_builtin_trusted, i.e. to whatever that name resolves to
 * in the block above.
 */
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
int restrict_link_by_builtin_and_secondary_trusted(struct key *keyring,
						   const struct key_type *type,
						   const union key_payload *payload,
						   struct key *restriction_key);
#else /* !CONFIG_SECONDARY_TRUSTED_KEYRING */
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */

/*
 * Hash blacklist.
 *
 * Without CONFIG_SYSTEM_BLACKLIST_KEYRING the lookup is an inline stub that
 * returns 0 for every input and never reads its arguments, so a caller
 * cannot tell "looked up and not listed" apart from "no blacklist built in".
 * NOTE(review): presumably 0 means "not blacklisted" - confirm against the
 * real implementation; if so, this check rejects nothing in such a build.
 *
 * mark_hash_blacklisted() has no stub in the #else branch: code calling it
 * must itself be compiled only when CONFIG_SYSTEM_BLACKLIST_KEYRING is set.
 */
#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
int mark_hash_blacklisted(const char *hash);
int is_hash_blacklisted(const u8 *hash, size_t hash_len, const char *type);
#else /* !CONFIG_SYSTEM_BLACKLIST_KEYRING */
static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
				      const char *type)
{
	return 0;
}
#endif /* CONFIG_SYSTEM_BLACKLIST_KEYRING */

/*
 * Accessor for the IMA blacklist keyring.
 *
 * Returns the ima_blacklist_keyring global when CONFIG_IMA_BLACKLIST_KEYRING
 * is set and NULL otherwise, so callers have to cope with a NULL keyring.
 */
#ifdef CONFIG_IMA_BLACKLIST_KEYRING
extern struct key *ima_blacklist_keyring;

static inline struct key *get_ima_blacklist_keyring(void)
{
	return ima_blacklist_keyring;
}
#else /* !CONFIG_IMA_BLACKLIST_KEYRING */
static inline struct key *get_ima_blacklist_keyring(void)
{
	return NULL;
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */

/*
 * Hand the platform keyring over to the system keyring code.
 *
 * The real function is declared only when both
 * CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_SYSTEM_TRUSTED_KEYRING are
 * set, and it is marked __init. In every other configuration the call
 * compiles to an empty stub and the keyring argument is ignored.
 */
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
void __init set_platform_trusted_keys(struct key *keyring);
#else
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
#endif

#endif /* _KEYS_SYSTEM_KEYRING_H */