Re: [PATCH] integrity: Update comment for load_moklist_certs()
From: Jarkko Sakkinen
Date: Sun May 12 2024 - 19:04:11 EST
On Sat May 11, 2024 at 6:22 AM EEST, Yusong Gao wrote:
> After commit 45fcd5e521cd ("integrity: add new keyring handler for
> mok keys"), the comment about load_moklist_certs() is out-of-date.
> Change keyring name from platform to machine.
>
> Signed-off-by: Yusong Gao <a869920004@xxxxxxxxx>
> ---
> security/integrity/platform_certs/load_uefi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index d1fdd113450a..e954776d3cfb 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -97,7 +97,7 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
> * load_moklist_certs() - Load MokList certs
> *
> * Load the certs contained in the UEFI MokListRT database into the
> - * platform trusted keyring.
> + * machine keyring.
> *
> * This routine checks the EFI MOK config table first. If and only if
> * that fails, this routine uses the MokListRT ordinary UEFI variable.
Alone pretty useless change to be honest. Can be fixed up when something
relevant is changed.
BR, Jarkko