diff options
| author |   David Howells <dhowells@redhat.com> | 2013-08-30 16:07:37 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2013-09-25 17:17:01 +0100 |
| commit | 008643b86c5f33c115c84ccdda1725cac3ad50ad (patch) | |
| tree | 951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /include/linux/key-type.h | |
| parent | KEYS: Separate the kernel signature checking keyring from module signing (diff) | |
| download | linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.zip | |
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.
Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include/linux/key-type.h')
| -rw-r--r-- | include/linux/key-type.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index f58737bcb050..a74c3a84dfdd 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h @@ -45,6 +45,7 @@ struct key_preparsed_payload { const void *data; /* Raw data */ size_t datalen; /* Raw datalen */ size_t quotalen; /* Quota length for proposed payload */ + bool trusted; /* True if key is trusted */ }; typedef int (*request_key_actor_t)(struct key_construction *key, |