diff options
| author | Mimi Zohar | 2013-08-13 14:47:43 +0200 |
|---|---|---|
| committer | Mimi Zohar | 2013-11-01 01:20:48 +0100 |
| commit | 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241 (patch) | |
| tree | 3a8a39da527431153698fc73640db47e8a1bd43a /security/integrity/integrity.h | |
| parent | ima: extend the measurement list to include the file signature (diff) | |
| download | kernel-qcow2-linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.tar.gz kernel-qcow2-linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.tar.xz kernel-qcow2-linux-217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241.zip | |
ima: define '_ima' as a builtin 'trusted' keyring
Require all keys added to the IMA keyring be signed by an
existing trusted key on the system trusted keyring.
Changelog:
- define stub integrity_init_keyring() function (reported-by Fengguang Wu)
- differentiate between regular and trusted keyring names.
- replace printk with pr_info (D. Kasatkin)
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
| -rw-r--r-- | security/integrity/integrity.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 2fb5e53e927f..b9e7c133734a 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -137,12 +137,19 @@ static inline int integrity_digsig_verify(const unsigned int id, #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS int asymmetric_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen); + +int integrity_init_keyring(const unsigned int id); #else static inline int asymmetric_verify(struct key *keyring, const char *sig, int siglen, const char *data, int datalen) { return -EOPNOTSUPP; } + +static int integrity_init_keyring(const unsigned int id) +{ + return 0; +} #endif #ifdef CONFIG_INTEGRITY_AUDIT |