forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-10-09 244b2c5ca8b14627e4a17755e5922221e121c771 
 kernel/include/keys/system_keyring.h
....@@ -1,12 +1,8 @@
1
+/* SPDX-License-Identifier: GPL-2.0-or-later */
12 /* System keyring containing trusted public keys.
23  *
34  * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
45  * Written by David Howells (dhowells@redhat.com)
5
- *
6
- * This program is free software; you can redistribute it and/or
7
- * modify it under the terms of the GNU General Public Licence
8
- * as published by the Free Software Foundation; either version
9
- * 2 of the Licence, or (at your option) any later version.
106  */
117 
128 #ifndef _KEYS_SYSTEM_KEYRING_H
....@@ -35,15 +31,36 @@
3531 #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
3632 #endif
3733 
34
+extern struct pkcs7_message *pkcs7;
3835 #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
3936 extern int mark_hash_blacklisted(const char *hash);
4037 extern int is_hash_blacklisted(const u8 *hash, size_t hash_len,
4138 			       const char *type);
39
+extern int is_binary_blacklisted(const u8 *hash, size_t hash_len);
4240 #else
4341 static inline int is_hash_blacklisted(const u8 *hash, size_t hash_len,
4442 				      const char *type)
4543 {
4644 	return 0;
45
+}
46
+
47
+static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len)
48
+{
49
+	return 0;
50
+}
51
+#endif
52
+
53
+#ifdef CONFIG_SYSTEM_REVOCATION_LIST
54
+extern int add_key_to_revocation_list(const char *data, size_t size);
55
+extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7);
56
+#else
57
+static inline int add_key_to_revocation_list(const char *data, size_t size)
58
+{
59
+	return 0;
60
+}
61
+static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
62
+{
63
+	return -ENOKEY;
4764 }
4865 #endif
4966 
....@@ -61,5 +78,13 @@
6178 }
6279 #endif /* CONFIG_IMA_BLACKLIST_KEYRING */
6380 
81
+#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
82
+	defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
83
+extern void __init set_platform_trusted_keys(struct key *keyring);
84
+#else
85
+static inline void set_platform_trusted_keys(struct key *keyring)
86
+{
87
+}
88
+#endif
6489 
6590 #endif /* _KEYS_SYSTEM_KEYRING_H */