Re: [PATCH] IMA: Use the system trusted keyrings instead of .ima_mok (update)

From: Mimi Zohar
Date: Wed Apr 06 2016 - 13:06:58 EST


On Wed, 2016-04-06 at 17:24 +0100, David Howells wrote:
> Looking in digsig.c, I see:
>
> #ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING
> static bool init_keyring __initdata = true;
> #else
> static bool init_keyring __initdata;
> #endif
>
> Since this doesn't ever appear to be altered, should integrity_init_keyring()
> just be made conditionally compiled?

I'm not sure what you're asking. If you're asking if the whole file can
be include based on whether this option is enabled, then no.

Mimi