git.ipfire.org Git - thirdparty/linux.git/commit

author	Marek Behún <kabel@kernel.org>
	Tue, 4 Feb 2025 13:14:12 +0000 (14:14 +0100)
committer	Arnd Bergmann <arnd@arndb.de>
	Thu, 20 Mar 2025 16:56:56 +0000 (17:56 +0100)
commit	0b28b7080ef5a323c3afa3860c3d45d627629830
tree	366f133190e4f9e3c82ac9052e3d20edfe28d15d	tree
parent	ee7f8ed72990f28657b5bf598e695fcf4633f4ed	commit \| diff

platform: cznic: Add keyctl helpers for Turris platform

Some Turris devices support signing messages with a per-device unique
asymmetric key that was created on the device at manufacture time.

Add helper module that helps to expose this ability via the keyctl()
syscall.

A device-specific driver can register a signing key by calling
devm_turris_signing_key_create().

Both the `.turris-signing-keys` keyring and the signing key are created
with only the VIEW, READ and SEARCH permissions for userspace - it is
impossible to link / unlink / move them, set their attributes, or unlink
the keyring from userspace.

Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>

MAINTAINERS		diff \| blob \| blame \| history
drivers/platform/cznic/Kconfig		diff \| blob \| blame \| history
drivers/platform/cznic/Makefile		diff \| blob \| blame \| history
drivers/platform/cznic/turris-signing-key.c	[new file with mode: 0644]	blob
include/linux/turris-signing-key.h	[new file with mode: 0644]	blob