20 static struct key *builtin_trusted_keys;
22 static struct key *secondary_trusted_keys;
25 static struct key *machine_trusted_keys;
28 static struct key *platform_trusted_keys;
38  * @type: The type of key being added.
39  * @payload: The payload of the new key.
42  * Restrict the addition of keys into a keyring based on the key-to-be-added
43  * being vouched for by a key in the built in system keyring.
45 int restrict_link_by_builtin_trusted(struct key *dest_keyring,
48 				     struct key *restriction_key)
55  * restrict_link_by_digsig_builtin - Restrict digitalSignature key additions by the built-in keyring
57  * @type: The type of key being added.
58  * @payload: The payload of the new key.
61  * Restrict the addition of keys into a keyring based on the key-to-be-added
62  * being vouched for by a key in the built in system keyring. The new key
65 int restrict_link_by_digsig_builtin(struct key *dest_keyring,
68 				    struct key *restriction_key)
79  * @type: The type of key being added.
80  * @payload: The payload of the new key.
83  * Restrict the addition of keys into a keyring based on the key-to-be-added
84  * being vouched for by a key in either the built-in or the secondary system
88 	struct key *dest_keyring,
91 	struct key *restrict_key)
109  * @type: The type of key being added.
110  * @payload: The payload of the new key.
113  * Restrict the addition of keys into a keyring based on the key-to-be-added
114  * being vouched for by a key in either the built-in or the secondary system
115  * keyrings. The new key must have the digitalSignature usage field set.
117 int restrict_link_by_digsig_builtin_and_secondary(struct key *dest_keyring,
120 						  struct key *restrict_key)
158  * @source: Source of key
159  * @data: The blob holding the key
162  * Add a key to the secondary keyring. The key must be vouched for by a key in the builtin,
167 	key_ref_t key;
172 	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
176 	if (IS_ERR(key)) {
178 		       source, PTR_ERR(key));
182 	pr_notice("Loaded X.509 cert '%s'\n", key_ref_to_ptr(key)->description);
183 	key_ref_put(key);
187 void __init set_machine_trusted_keys(struct key *keyring)
198  * @type: The type of key being added.
199  * @payload: The payload of the new key.
202  * Restrict the addition of keys into a keyring based on the key-to-be-added
203  * being vouched for by a key in either the built-in, the secondary, or
207 	struct key *dest_keyring,
210 	struct key *restrict_key)
265 __init int load_module_cert(struct key *keyring)
307  * @usage: The use to which the key is being put.
313 			     struct key *trusted_keys,
335 		pr_devel("PKCS#7 key is on revocation list\n");
362 			pr_devel("PKCS#7 signature not signed with a trusted key\n");
392  * @usage: The use to which the key is being put.
398 			   struct key *trusted_keys,
424 void __init set_platform_trusted_keys(struct key *keyring)

Indexes created Sat May 25 20:21:57 MDT 2024