/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2008 IBM Corporation
 * Author: Mimi Zohar <[email protected]>
 */

#ifndef _LINUX_IMA_H
#define _LINUX_IMA_H

#include <linux/kernel_read_file.h>
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
#include <crypto/hash_info.h>
struct linux_binprm;

#ifdef CONFIG_IMA
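/*
 * IMA entry points declared when CONFIG_IMA is enabled. The #else branch of
 * this CONFIG_IMA section supplies an inline stub for each of them, so code
 * that calls these must also cope with the stub results (HASH_ALGO__LAST,
 * -EOPNOTSUPP, -ENOENT or a silent no-op) and must not assume a hash or a
 * measurement was actually produced.
 */
extern enum hash_algo ima_get_current_hash_algo(void);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
extern int ima_measure_critical_data(const char *event_label,
				     const char *event_name,
				     const void *buf, size_t buf_len,
				     bool hash, u8 *digest, size_t digest_len);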
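/*
 * ima_appraise_parse_cmdline() is defined elsewhere only when
 * CONFIG_IMA_APPRAISE_BOOTPARAM is set. Without it the call is an empty
 * inline function, so callers need no #ifdef and nothing is parsed here.
 * NOTE(review): the name suggests this handles an appraisal-related kernel
 * command-line option; confirm against the implementation.
 */
#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
extern void ima_appraise_parse_cmdline(void);
#else
static inline void ima_appraise_parse_cmdline(void) {}
#endif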
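/*
 * Declared only with CONFIG_IMA_KEXEC. The empty inline fallback for the
 * opposite case lives further down in this header, under
 * #ifndef CONFIG_IMA_KEXEC.
 */
#ifdef CONFIG_IMA_KEXEC
extern void ima_add_kexec_buffer(struct kimage *image);
#endif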
#else
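/*
 * !CONFIG_IMA stub: there is no IMA hash algorithm to report, so return
 * HASH_ALGO__LAST.
 * NOTE(review): HASH_ALGO__LAST looks like the end-of-enum marker rather than
 * a real algorithm (confirm in crypto/hash_info.h); callers should test for
 * it before using the result to index any per-algorithm table.
 */
static inline enum hash_algo ima_get_current_hash_algo(void)
{
	return HASH_ALGO__LAST;
}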
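/*
 * !CONFIG_IMA stub: no file hash is available, so fail with -EOPNOTSUPP.
 * Nothing is written to @buf; callers must check the return value before
 * reading it, or they would consume whatever the buffer already held as if
 * it were a digest.
 */
static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}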
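/*
 * !CONFIG_IMA stub: no inode hash is available, so fail with -EOPNOTSUPP.
 * @buf is left untouched; as with ima_file_hash(), the return value must be
 * checked before the buffer is interpreted as a digest.
 */
static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size)
{
	return -EOPNOTSUPP;
}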
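/*
 * !CONFIG_IMA stub: takes the same arguments as the real function and does
 * nothing, so the buffer handed in is not recorded by this path.
 */
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}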
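/*
 * !CONFIG_IMA stub: nothing is measured and -ENOENT is returned.
 * @digest is left untouched, so a caller that passes it expecting output
 * (presumably what the parameter is for; confirm against the real
 * implementation) must check the return value before using it.
 */
static inline int ima_measure_critical_data(const char *event_label,
					     const char *event_name,
					     const void *buf, size_t buf_len,
					     bool hash, u8 *digest,
					     size_t digest_len)
{
	return -ENOENT;
}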
#endif /* CONFIG_IMA */
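/*
 * Accessors for the IMA buffer handed over across kexec, declared only when
 * CONFIG_HAVE_IMA_KEXEC is set. This header provides no fallback stubs for
 * them, so callers need their own CONFIG_HAVE_IMA_KEXEC guard. Both are
 * marked __init and are therefore only usable during kernel initialisation.
 */
#ifdef CONFIG_HAVE_IMA_KEXEC
int __init ima_free_kexec_buffer(void);
int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif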
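/*
 * Architecture hooks, declared when CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is
 * set. Otherwise the stubs below report "false" and "no policy" (NULL).
 *
 * In the stub build, false from arch_ima_get_secureboot() only means that no
 * architecture code reports the secure boot state here; it is not evidence
 * that secure boot is off. Callers of arch_get_ima_policy() must handle a
 * NULL return before walking the result.
 */
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
static inline bool arch_ima_get_secureboot(void)
{
	return false;
}

static inline const char * const *arch_get_ima_policy(void)
{
	return NULL;
}
#endif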
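/*
 * Fallback for builds without CONFIG_IMA_KEXEC: struct kimage is only
 * forward-declared so the prototype compiles, and the function is an empty
 * no-op, so no IMA buffer is attached to @image on this path.
 */
#ifndef CONFIG_IMA_KEXEC
struct kimage;

static inline void ima_add_kexec_buffer(struct kimage *image)
{}
#endif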
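/*
 * is_ima_appraise_enabled() is defined elsewhere when CONFIG_IMA_APPRAISE is
 * set; otherwise the inline stub reports that appraisal is not enabled.
 */
#ifdef CONFIG_IMA_APPRAISE
extern bool is_ima_appraise_enabled(void);
#else
static inline bool is_ima_appraise_enabled(void)
{
	/* bool return type: spell it false, as the other bool stubs here do */
	return false;
}
#endif /* CONFIG_IMA_APPRAISE */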
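/*
 * ima_appraise_signature() is defined elsewhere only when both
 * CONFIG_IMA_APPRAISE and CONFIG_INTEGRITY_TRUSTED_KEYRING are set. In every
 * other configuration the stub answers false for any @func.
 * NOTE(review): callers appear meant to use this to learn whether IMA will
 * require a signature for the given read-file id; a false result means they
 * cannot rely on IMA for that check. Confirm against the callers.
 */
#if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
extern bool ima_appraise_signature(enum kernel_read_file_id func);
#else
static inline bool ima_appraise_signature(enum kernel_read_file_id func)
{
	return false;
}
#endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */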
#endif /* _LINUX_IMA_H */