diff options
author | Ingo Molnar <mingo@kernel.org> | 2014-08-22 10:04:15 +0200 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2014-08-22 10:04:15 +0200 |
commit | 80b304fd00e8b667775ff791121b61ecd7cd0c03 (patch) | |
tree | b4f2ec59fe062c43343ee4c2f10a6bcd0e4dcd1b /Documentation/security/keys.txt | |
parent | x86_32, entry: Clean up sysenter_badsys declaration (diff) | |
parent | efi/arm64: Store Runtime Services revision (diff) | |
download | linux-dev-80b304fd00e8b667775ff791121b61ecd7cd0c03.tar.xz linux-dev-80b304fd00e8b667775ff791121b61ecd7cd0c03.zip |
Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent
Pull EFI fixes from Matt Fleming:
* WARN_ON(!spin_is_locked()) always triggers on non-SMP machines.
Swap it for the more canonical lockdep_assert_held() which always
does the right thing - Guenter Roeck
* Assign the correct value to efi.runtime_version on arm64 so that all
the runtime services can be invoked - Semen Protsenko
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'Documentation/security/keys.txt')
-rw-r--r-- | Documentation/security/keys.txt | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index a4c33f1a7c6d..8727c194ca16 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory: const void *data; size_t datalen; size_t quotalen; + time_t expiry; }; Before calling the method, the caller will fill in data and datalen with the payload blob parameters; quotalen will be filled in with the default - quota size from the key type and the rest will be cleared. + quota size from the key type; expiry will be set to TIME_T_MAX and the + rest will be cleared. If a description can be proposed from the payload contents, that should be attached as a string to the description field. This will be used for the key description if the caller of add_key() passes NULL or "". The method can attach anything it likes to type_data[] and payload. These - are merely passed along to the instantiate() or update() operations. + are merely passed along to the instantiate() or update() operations. If + set, the expiry time will be applied to the key if it is instantiated from + this data. - The method should return 0 if success ful or a negative error code + The method should return 0 if successful or a negative error code otherwise. @@ -1172,7 +1176,9 @@ The structure has a number of fields, some of which are mandatory: This method is only required if the preparse() method is provided, otherwise it is unused. It cleans up anything attached to the description, type_data and payload fields of the key_preparsed_payload - struct as filled in by the preparse() method. + struct as filled in by the preparse() method. It will always be called + after preparse() returns successfully, even if instantiate() or update() + succeed. (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep); |