summaryrefslogtreecommitdiff
path: root/include/keys
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2021-05-02 01:32:18 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2021-05-02 01:32:18 +0300
commite6f0bf09f0669b3c2cd77fa906830123279a0a21 (patch)
tree57aed6ff25d40e31f129b934403c7fac7a8cc8c8 /include/keys
parent10a3efd0fee5e881b1866cf45950808575cb0f24 (diff)
parent781a5739489949fd0f32432a9da17f7ddbccf1cc (diff)
downloadlinux-e6f0bf09f0669b3c2cd77fa906830123279a0a21.tar.xz
Merge tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull IMA updates from Mimi Zohar: "In addition to loading the kernel module signing key onto the builtin keyring, load it onto the IMA keyring as well. Also six trivial changes and bug fixes" * tag 'integrity-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies ima: Fix fall-through warnings for Clang integrity: Add declarations to init_once void arguments. ima: Fix function name error in comment. ima: enable loading of build time generated key on .ima keyring ima: enable signing of modules with build time generated key keys: cleanup build time module signing keys ima: Fix the error code for restoring the PCR value ima: without an IMA policy loaded, return quickly
Diffstat (limited to 'include/keys')
-rw-r--r--include/keys/system_keyring.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 875e002a4180..6acd3cf13a18 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -16,9 +16,16 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
const union key_payload *payload,
struct key *restriction_key);
+extern __init int load_module_cert(struct key *keyring);
#else
#define restrict_link_by_builtin_trusted restrict_link_reject
+
+static inline __init int load_module_cert(struct key *keyring)
+{
+ return 0;
+}
+
#endif
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING