Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring

From: Kairui Song
Date: Tue Jan 15 2019 - 10:47:54 EST

Next message: Sir Donald : "mutual Benefit"
Previous message: Mimi Zohar: "Re: [RFC PATCH v2 2/2] kexec, KEYS: Make use of platform keyring for signature verify"
In reply to: Mimi Zohar: "Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring"
Next in thread: Mimi Zohar: "Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote:
> [snip]
>
> > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> > index f45d6edecf99..bfabc2a8111d 100644
> > --- a/security/integrity/digsig.c
> > +++ b/security/integrity/digsig.c
> > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
> > keyring[id] = NULL;
> > }
> >
> > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> > + if (id == INTEGRITY_KEYRING_PLATFORM) {
> > + set_platform_trusted_keys(keyring[id]);
> > + }
> > +#endif
> > +
> > return err;
> > }
> >
>
> Any reason for setting it here as opposed to in the caller
> platform_keyring_init()?
>
> Mimi
>

Yes, "keyring" is static so unless I expose it to other files, it is
only accessible here. And I think there should be no problem to put
the set_platform_trusted_keys here.

--
Best Regards,
Kairui Song

Next message: Sir Donald : "mutual Benefit"
Previous message: Mimi Zohar: "Re: [RFC PATCH v2 2/2] kexec, KEYS: Make use of platform keyring for signature verify"
In reply to: Mimi Zohar: "Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring"
Next in thread: Mimi Zohar: "Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]