// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2010 IBM Corporation * Copyright (c) 2019-2021, Linaro Limited * * See Documentation/security/keys/trusted-encrypted.rst */ #include <keys/user-type.h> #include <keys/trusted-type.h> #include <keys/trusted_tee.h> #include <keys/trusted_caam.h> #include <keys/trusted_dcp.h> #include <keys/trusted_tpm.h> #include <linux/capability.h> #include <linux/err.h> #include <linux/init.h> #include <linux/key-type.h> #include <linux/module.h> #include <linux/parser.h> #include <linux/random.h> #include <linux/rcupdate.h> #include <linux/slab.h> #include <linux/static_call.h> #include <linux/string.h> #include <linux/uaccess.h> static char *trusted_rng = …; module_param_named(rng, trusted_rng, charp, 0); MODULE_PARM_DESC(…) …; static char *trusted_key_source; module_param_named(source, trusted_key_source, charp, 0); MODULE_PARM_DESC(…) …; static const struct trusted_key_source trusted_key_sources[] = …; DEFINE_STATIC_CALL_NULL(…); DEFINE_STATIC_CALL_NULL(…); DEFINE_STATIC_CALL_NULL(…); static void (*trusted_key_exit)(void); static unsigned char migratable; enum { … }; static const match_table_t key_tokens = …; /* * datablob_parse - parse the keyctl data and fill in the * payload structure * * On success returns 0, otherwise -EINVAL. */ static int datablob_parse(char **datablob, struct trusted_key_payload *p) { … } static struct trusted_key_payload *trusted_payload_alloc(struct key *key) { … } /* * trusted_instantiate - create a new trusted key * * Unseal an existing trusted blob or, for a new key, get a * random key, then seal and create a trusted key-type key, * adding it to the specified keyring. * * On success, return 0. Otherwise return errno. */ static int trusted_instantiate(struct key *key, struct key_preparsed_payload *prep) { … } static void trusted_rcu_free(struct rcu_head *rcu) { … } /* * trusted_update - reseal an existing key with new PCR values */ static int trusted_update(struct key *key, struct key_preparsed_payload *prep) { … } /* * trusted_read - copy the sealed blob data to userspace in hex. * On success, return to userspace the trusted key datablob size. */ static long trusted_read(const struct key *key, char *buffer, size_t buflen) { … } /* * trusted_destroy - clear and free the key's payload */ static void trusted_destroy(struct key *key) { … } struct key_type key_type_trusted = …; EXPORT_SYMBOL_GPL(…); static int kernel_get_random(unsigned char *key, size_t key_len) { … } static int __init init_trusted(void) { … } static void __exit cleanup_trusted(void) { … } late_initcall(init_trusted); module_exit(cleanup_trusted); MODULE_DESCRIPTION(…) …; MODULE_LICENSE(…) …;
Codebase Browser
linux