
KFunc bpf_lookup_system_key

v6.1

Lookup a key by a system-defined ID

Definition

Obtain a bpf_key structure with a key pointer set to the passed key ID. The key pointer is marked as invalid, to prevent bpf_key_put() from attempting to decrement the key reference count on that pointer. A key pointer set in this way is currently understood only by bpf_verify_pkcs7_signature().

Set id to one of the values defined in include/linux/verification.h:

  • 0 for the primary keyring (immutable keyring of system keys)
  • VERIFY_USE_SECONDARY_KEYRING for both the primary and secondary keyring (where keys can be added only if they are vouched for by existing keys in those keyrings)
  • VERIFY_USE_PLATFORM_KEYRING for the platform keyring (primarily used by the integrity subsystem to verify a kexec'ed kernel image and, possibly, the initramfs signature).

Return

A bpf_key pointer with an invalid key pointer set from the pre-determined ID on success, a NULL pointer otherwise.

struct bpf_key *bpf_lookup_system_key(u64 id)

Note

This kfunc returns a pointer to a refcounted object. The verifier ensures that the pointer is eventually released using a release kfunc, or transferred to a map using a referenced kptr (by invoking bpf_kptr_xchg). If it is not, the verifier refuses to load the BPF program; loading succeeds only once no lingering references remain in any explored state of the program.

Note

The pointer returned by the kfunc may be NULL. The user is therefore forced to do a NULL check on the returned pointer before making use of it (dereferencing it or passing it to another helper).

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Program types

The following program types can make use of this kfunc:

Example

Docs could be improved

This part of the docs is incomplete, contributions are very welcome
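
The following is an added example, not code from the kernel tree or from these docs. It shows a hypothetical helper, verify_with_system_key, that pairs the lookup with the NULL check and the bpf_key_put() release described in the notes above. The KEYRING_* names are assumptions, and the host-side branch contains constructed stand-ins for the kfuncs so the logic can be compiled and exercised outside the kernel.

```c
#ifdef __bpf__                       /* real build: clang -target bpf */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
extern void bpf_key_put(struct bpf_key *key) __ksym;
extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data,
        struct bpf_dynptr *sig, struct bpf_key *keyring) __ksym;
#else                                /* host build: constructed stand-ins */
#include <stdlib.h>
typedef unsigned long long __u64;
struct bpf_dynptr { int good; };     /* mock: 1 = signature verifies */
struct bpf_key { __u64 id; };        /* mock layout, not the kernel's */
static int live_refs;                /* acquired but not yet released */
static struct bpf_key *bpf_lookup_system_key(__u64 id)
{
    struct bpf_key *k = id > 2 ? NULL : malloc(sizeof(*k)); /* IDs 0..2 */
    if (k) { k->id = id; live_refs++; }
    return k;
}
static void bpf_key_put(struct bpf_key *k) { live_refs--; free(k); }
static int bpf_verify_pkcs7_signature(struct bpf_dynptr *data,
        struct bpf_dynptr *sig, struct bpf_key *keyring)
{
    (void)data; (void)keyring;
    return sig->good ? 0 : -129;     /* mock failure: -EKEYREJECTED */
}
#endif

/* Preprocessor macros are absent from vmlinux.h, so the IDs are spelled
 * out; 1 and 2 are the integer values of the pointer-typed constants in
 * include/linux/verification.h. Names below are assumptions. */
#define KEYRING_PRIMARY   0ULL
#define KEYRING_SECONDARY 1ULL       /* VERIFY_USE_SECONDARY_KEYRING */
#define KEYRING_PLATFORM  2ULL       /* VERIFY_USE_PLATFORM_KEYRING */

/* Hypothetical helper: check sig over data against one system keyring. */
static inline int verify_with_system_key(struct bpf_dynptr *data,
                                         struct bpf_dynptr *sig, __u64 id)
{
    struct bpf_key *key = bpf_lookup_system_key(id);
    int ret;

    if (!key)                 /* required: the kfunc may return NULL */
        return -2;            /* -ENOENT */
    ret = bpf_verify_pkcs7_signature(data, sig, key);
    bpf_key_put(key);         /* release the reference on every path */
    return ret;
}
```

In a real BPF program the caller builds both dynptrs (for example with bpf_dynptr_from_mem over map values) before calling the helper.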