Loading crypto/asymmetric_keys/x509_public_key.c +2 −0 Original line number Original line Diff line number Diff line Loading @@ -321,6 +321,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) goto error_free_cert; goto error_free_cert; } else if (!prep->trusted) { } else if (!prep->trusted) { ret = x509_validate_trust(cert, get_system_trusted_keyring()); ret = x509_validate_trust(cert, get_system_trusted_keyring()); if (ret) ret = x509_validate_trust(cert, get_ima_mok_keyring()); if (!ret) if (!ret) prep->trusted = 1; prep->trusted = 1; } } Loading include/keys/system_keyring.h +24 −0 Original line number Original line Diff line number Diff line Loading @@ -35,4 +35,28 @@ extern int system_verify_data(const void *data, unsigned long len, enum key_being_used_for usage); enum key_being_used_for usage); #endif #endif #ifdef CONFIG_IMA_MOK_KEYRING extern struct key *ima_mok_keyring; extern struct key *ima_blacklist_keyring; static inline struct key *get_ima_mok_keyring(void) { return ima_mok_keyring; } static inline struct key *get_ima_blacklist_keyring(void) { return ima_blacklist_keyring; } #else static inline struct key *get_ima_mok_keyring(void) { return NULL; } static inline struct key *get_ima_blacklist_keyring(void) { return NULL; } #endif /* CONFIG_IMA_MOK_KEYRING */ #endif /* _KEYS_SYSTEM_KEYRING_H */ #endif /* _KEYS_SYSTEM_KEYRING_H */ include/linux/evm.h +7 −0 Original line number Original line Diff line number Diff line Loading @@ -14,6 +14,7 @@ struct integrity_iint_cache; struct integrity_iint_cache; #ifdef CONFIG_EVM #ifdef CONFIG_EVM extern int evm_set_key(void *key, size_t keylen); extern enum integrity_status evm_verifyxattr(struct dentry *dentry, extern enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_name, void *xattr_value, void *xattr_value, Loading Loading 
@@ -42,6 +43,12 @@ static inline int posix_xattr_acl(const char *xattrname) } } #endif #endif #else #else static inline int evm_set_key(void *key, size_t keylen) { return -EOPNOTSUPP; } #ifdef CONFIG_INTEGRITY #ifdef CONFIG_INTEGRITY static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, static inline enum integrity_status evm_verifyxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_name, Loading include/linux/key.h +1 −0 Original line number Original line Diff line number Diff line Loading @@ -177,6 +177,7 @@ struct key { #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */ #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */ #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */ #define KEY_FLAG_KEEP 12 /* set if key should not be removed */ /* the key type and key description string /* the key type and key description string * - the desc is used to match a key against search criteria * - the desc is used to match a key against search criteria Loading security/integrity/Kconfig +11 −0 Original line number Original line Diff line number Diff line Loading 
@@ -41,6 +41,17 @@ config INTEGRITY_ASYMMETRIC_KEYS This option enables digital signature verification using This option enables digital signature verification using asymmetric keys. asymmetric keys. config INTEGRITY_TRUSTED_KEYRING bool "Require all keys on the integrity keyrings be signed" depends on SYSTEM_TRUSTED_KEYRING depends on INTEGRITY_ASYMMETRIC_KEYS select KEYS_DEBUG_PROC_KEYS default y help This option requires that all keys added to the .ima and .evm keyrings be signed by a key on the system trusted keyring. config INTEGRITY_AUDIT config INTEGRITY_AUDIT bool "Enables integrity auditing support " bool "Enables integrity auditing support " depends on AUDIT depends on AUDIT Loading Loading
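--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -321,6 +321,8 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
 		goto error_free_cert;
 	} else if (!prep->trusted) {
 		ret = x509_validate_trust(cert, get_system_trusted_keyring());
+		if (ret)
+			ret = x509_validate_trust(cert, get_ima_mok_keyring());
 		if (!ret)
 			prep->trusted = 1;
 	}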
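Review bot: The added fallback marks a certificate trusted when it chains to the IMA MOK keyring, but nothing in this hunk consults the blacklist keyring that system_keyring.h introduces in the same change, so a certificate whose key is blacklisted can still reach `prep->trusted = 1` here unless that check happens elsewhere. With CONFIG_IMA_MOK_KEYRING disabled, get_ima_mok_keyring() returns NULL, so x509_validate_trust() must tolerate a NULL keyring; its body is not visible here and is worth confirming. I would make the fallback explicit rather than relying on that: `if (ret && get_ima_mok_keyring())`, and, if the blacklist is meant to gate trust at this point, consult it before setting the flag. The enclosing x509_key_preparse() starts and ends outside the hunk.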
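--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -35,4 +35,28 @@ extern int system_verify_data(const void *data, unsigned long len,
 			      enum key_being_used_for usage);
 #endif
+#ifdef CONFIG_IMA_MOK_KEYRING
+extern struct key *ima_mok_keyring;
+extern struct key *ima_blacklist_keyring;
+static inline struct key *get_ima_mok_keyring(void)
+{
+	return ima_mok_keyring;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+	return ima_blacklist_keyring;
+}
+#else
+static inline struct key *get_ima_mok_keyring(void)
+{
+	return NULL;
+}
+static inline struct key *get_ima_blacklist_keyring(void)
+{
+	return NULL;
+}
+#endif /* CONFIG_IMA_MOK_KEYRING */
 #endif /* _KEYS_SYSTEM_KEYRING_H */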
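Review bot: The !CONFIG_IMA_MOK_KEYRING stubs return NULL, so every caller of get_ima_mok_keyring()/get_ima_blacklist_keyring() must handle a NULL keyring, and the header does not say so. I would add above the `#ifdef CONFIG_IMA_MOK_KEYRING` line: `/* Both getters return NULL when CONFIG_IMA_MOK_KEYRING is off; callers must check before passing the result to keyring search or link operations. */`. The two keyring pointers are also exported as writable globals; a note on which code is allowed to assign them (presumably only the IMA initialisation, not visible here) would help anyone auditing who can change the trust anchors.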
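--- a/include/linux/evm.h
+++ b/include/linux/evm.h
@@ -14,6 +14,7 @@ struct integrity_iint_cache;
 struct integrity_iint_cache;
 #ifdef CONFIG_EVM
+extern int evm_set_key(void *key, size_t keylen);
 extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
 					     const char *xattr_name,
 					     void *xattr_value,
@@ -42,6 +43,12 @@ static inline int posix_xattr_acl(const char *xattrname)
 }
 #endif
 #else
+static inline int evm_set_key(void *key, size_t keylen)
+{
+	return -EOPNOTSUPP;
+}
 #ifdef CONFIG_INTEGRITY
 static inline enum integrity_status evm_verifyxattr(struct dentry *dentry,
 						     const char *xattr_name,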
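Review bot: `evm_set_key(void *key, size_t keylen)` takes secret key material through a non-const pointer and the header does not say whether EVM copies it, so a caller cannot tell whether it may zeroize its own buffer after the call. If the implementation (outside this hunk) only reads the buffer, I would declare both the prototype and the stub as `extern int evm_set_key(const void *key, size_t keylen);` and document the contract next to the prototype: `/* Load the EVM HMAC key from the given buffer; returns -EOPNOTSUPP when CONFIG_EVM is off. Callers should wipe their copy of the key afterwards. */`, adjusting the copy/ownership wording to what the implementation actually does.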
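--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -177,6 +177,7 @@ struct key {
 #define KEY_FLAG_TRUSTED_ONLY	9	/* set if keyring only accepts links to trusted keys */
 #define KEY_FLAG_BUILTIN	10	/* set if key is builtin */
 #define KEY_FLAG_ROOT_CAN_INVAL	11	/* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP		12	/* set if key should not be removed */
 	/* the key type and key description string
 	 * - the desc is used to match a key against search criteria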
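Review bot: The comment on KEY_FLAG_KEEP only says the key "should not be removed" and does not state which operations honour the flag (unlink, revoke, invalidate, expiry/gc) or who may set it; since a flag like this is what keeps trust-anchor and blacklist entries pinned, readers of key.h need that contract. Enforcement is outside this hunk, so once confirmed I would extend the comment along the lines of `/* set if key must not be unlinked, revoked or invalidated; enforced in the keyctl paths */`. struct key begins before and ends after the hunk.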
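--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -41,6 +41,17 @@ config INTEGRITY_ASYMMETRIC_KEYS
 	  This option enables digital signature verification using
 	  asymmetric keys.
+config INTEGRITY_TRUSTED_KEYRING
+	bool "Require all keys on the integrity keyrings be signed"
+	depends on SYSTEM_TRUSTED_KEYRING
+	depends on INTEGRITY_ASYMMETRIC_KEYS
+	select KEYS_DEBUG_PROC_KEYS
+	default y
+	help
+	  This option requires that all keys added to the .ima and .evm
+	  keyrings be signed by a key on the system trusted keyring.
 config INTEGRITY_AUDIT
 	bool "Enables integrity auditing support "
 	depends on AUDIT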
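Review bot: INTEGRITY_TRUSTED_KEYRING is a `default y` hardening option, yet it does `select KEYS_DEBUG_PROC_KEYS`, which unconditionally enables the /proc/keys listing; that exposes key metadata system-wide and has nothing to do with requiring signed keys. Unless the integrity code actually depends on that interface, I would drop the `select KEYS_DEBUG_PROC_KEYS` line or at least justify it in the help text. The help text also states that keys must be signed by a key on the system trusted keyring, while the x509_public_key.c hunk in this same change additionally accepts the IMA MOK keyring as a trust root when CONFIG_IMA_MOK_KEYRING is set; the help should mention that so administrators know the effective set of anchors.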