From: Nayna Jain <nayna@linux.ibm.com>
To: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org
Cc: dhowells@redhat.com, zohar@linux.ibm.com, jarkko@kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dimitri.ledkov@canonical.com,
seth@forshee.me, rnsastry@linux.ibm.com, masahiroy@kernel.org,
Nayna Jain <nayna@linux.ibm.com>
Subject: [PATCH v12 1/4] certs: export load_certificate_list() to be used outside certs/
Date: Fri, 11 Mar 2022 16:03:41 -0500 [thread overview]
Message-ID: <20220311210344.102396-2-nayna@linux.ibm.com> (raw)
In-Reply-To: <20220311210344.102396-1-nayna@linux.ibm.com>
load_certificate_list() parses certificates embedded in the kernel
image to load them onto the keyring.
Commit "2565ca7f5ec1 (certs: Move load_system_certificate_list to a common
function)" made load_certificate_list() a common function in the certs/
directory. Export load_certificate_list() outside certs/ to be used by
load_platform_certificate_list() for loading compiled in platform keys
onto the .platform keyring at boot time.
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
---
certs/Makefile | 5 +++--
certs/blacklist.c | 1 -
certs/common.c | 2 +-
certs/common.h | 9 ---------
certs/system_keyring.c | 1 -
include/keys/system_keyring.h | 6 ++++++
6 files changed, 10 insertions(+), 14 deletions(-)
delete mode 100644 certs/common.h
diff --git a/certs/Makefile b/certs/Makefile
index 3ea7fe60823f..b92b6ff339d5 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -3,8 +3,9 @@
# Makefile for the linux kernel signature checking certificates.
#
-obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o
-obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o
+obj-$(CONFIG_KEYS) += common.o
+obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o
obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),)
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
diff --git a/certs/blacklist.c b/certs/blacklist.c
index c9a435b15af4..b95e9b19c42f 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -17,7 +17,6 @@
#include <linux/uidgid.h>
#include <keys/system_keyring.h>
#include "blacklist.h"
-#include "common.h"
static struct key *blacklist_keyring;
diff --git a/certs/common.c b/certs/common.c
index 16a220887a53..41f763415a00 100644
--- a/certs/common.c
+++ b/certs/common.c
@@ -2,7 +2,7 @@
#include <linux/kernel.h>
#include <linux/key.h>
-#include "common.h"
+#include <keys/system_keyring.h>
int load_certificate_list(const u8 cert_list[],
const unsigned long list_size,
diff --git a/certs/common.h b/certs/common.h
deleted file mode 100644
index abdb5795936b..000000000000
--- a/certs/common.h
+++ /dev/null
@@ -1,9 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-
-#ifndef _CERT_COMMON_H
-#define _CERT_COMMON_H
-
-int load_certificate_list(const u8 cert_list[], const unsigned long list_size,
- const struct key *keyring);
-
-#endif
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 05b66ce9d1c9..2ae1b2e34375 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -16,7 +16,6 @@
#include <keys/asymmetric-type.h>
#include <keys/system_keyring.h>
#include <crypto/pkcs7.h>
-#include "common.h"
static struct key *builtin_trusted_keys;
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 2419a735420f..35babdc45689 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -10,6 +10,12 @@
#include <linux/key.h>
+#ifdef CONFIG_KEYS
+int load_certificate_list(const u8 cert_list[],
+ const unsigned long list_size,
+ const struct key *keyring);
+#endif
+
#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
extern int restrict_link_by_builtin_trusted(struct key *keyring,
--
2.34.1
next prev parent reply other threads:[~2022-03-11 22:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 21:03 [PATCH v12 0/4] integrity: support including firmware ".platform" keys at build time Nayna Jain
2022-03-11 21:03 ` Nayna Jain [this message]
2022-03-20 21:10 ` [PATCH v12 1/4] certs: export load_certificate_list() to be used outside certs/ Jarkko Sakkinen
2022-03-11 21:03 ` [PATCH v12 2/4] integrity: make integrity_keyring_from_id() non-static Nayna Jain
2022-03-11 21:03 ` [PATCH v12 3/4] Revert "certs: move scripts/extract-cert to certs/" Nayna Jain
2022-03-14 13:42 ` Nayna
2022-03-11 21:03 ` [PATCH v12 4/4] integrity: support including firmware ".platform" keys at build time Nayna Jain
2022-03-12 2:42 ` [PATCH v12 0/4] " Nageswara Sastry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220311210344.102396-2-nayna@linux.ibm.com \
--to=nayna@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=dimitri.ledkov@canonical.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=rnsastry@linux.ibm.com \
--cc=seth@forshee.me \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.