Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring
From: Mimi Zohar
Date: Tue Jan 15 2019 - 10:56:27 EST
On Tue, 2019-01-15 at 23:47 +0800, Kairui Song wrote:
> On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >
> > On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote:
> > [snip]
> >
> > > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> > > index f45d6edecf99..bfabc2a8111d 100644
> > > --- a/security/integrity/digsig.c
> > > +++ b/security/integrity/digsig.c
> > > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
> > > keyring[id] = NULL;
> > > }
> > >
> > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> > > + if (id == INTEGRITY_KEYRING_PLATFORM) {
> > > + set_platform_trusted_keys(keyring[id]);
> > > + }
> > > +#endif
> > > +
> > > return err;
> > > }
> > >
> >
> > Any reason for setting it here as opposed to in the caller
> > platform_keyring_init()?
> >
> > Mimi
> >
>
> Yes, "keyring" is static so unless I expose it to other files, it is
> only accessible here. And I think there should be no problem to put
> the set_platform_trusted_keys here.
Right, that's a really good reason.
Mimi