Re: [PATCH v5 12/12] integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
From: Jarkko Sakkinen
Date: Thu Sep 09 2021 - 10:00:49 EST
On Tue, 2021-09-07 at 12:01 -0400, Eric Snowberg wrote:
> With the introduction of uefi_check_trust_mok_keys, it signifies the end-
> user wants to trust the machine keyring as trusted keys. If they have
> chosen to trust the machine keyring, load the qualifying keys into it
> during boot, then link it to the secondary keyring . If the user has not
> chosen to trust the machine keyring, it will be empty and not linked to
> the secondary keyring.
>
> Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx>
I would not worry too much applying the code changes if the story
part made sense (to *almost anyone*) in the cover letter.
/Jarkko