[PATCH v3 08/14] KEYS: add a reference to mok keyring
Eric Snowberg
eric.snowberg at oracle.com
Thu Aug 12 02:18:49 UTC 2021
Expose the .mok keyring created in integrity code by adding
a reference. This makes the mok keyring accessible for keyring
restrictions in the future.
Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
---
v2: Initial version
v3: set_mok_trusted_keys only available when secondary is enabled
---
certs/system_keyring.c | 5 +++++
include/keys/system_keyring.h | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 692365dee2bd..2baf5447b116 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -21,6 +21,7 @@
static struct key *builtin_trusted_keys;
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
static struct key *secondary_trusted_keys;
+static struct key *mok_trusted_keys;
#endif
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
static struct key *platform_trusted_keys;
@@ -90,6 +91,10 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void
return restriction;
}
+void __init set_mok_trusted_keys(struct key *keyring)
+{
+ mok_trusted_keys = keyring;
+}
#endif
/*
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 6acd3cf13a18..4fe9cca58685 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -34,8 +34,12 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
const struct key_type *type,
const union key_payload *payload,
struct key *restriction_key);
+extern void __init set_mok_trusted_keys(struct key *keyring);
#else
#define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
+static inline void __init set_mok_trusted_keys(struct key *keyring)
+{
+}
#endif
extern struct pkcs7_message *pkcs7;
--
2.18.4
More information about the Linux-security-module-archive
mailing list