On Tue, 2022-04-12 at 14:13 +0000, Aditya Garg wrote: > >> @@ -138,6 +181,11 @@ static int __init load_uefi_certs(void) > >> unsigned long dbsize = 0, dbxsize = 0, mokxsize = 0; > >> efi_status_t status; > >> int rc = 0; > >> + const struct dmi_system_id *dmi_id; > >> + > >> + dmi_id = dmi_first_match(uefi_skip_cert); > >> + if (dmi_id) > >> + return 0; > > > > uefi_check_ignore_db(), get_cert_list(), uefi_check_ignore_db(), and > > /load_moklist_certs() are all defined all static and are gated here by > > this dmi_first_match(). There's probably no need for any of the other > > calls to dmi_first_match(). > I couldn’t get you here. Could you elaborate? dmi_first_match() is called here at the beginning of load_uefi_certs(). Only if it succeeds would uefi_check_ignore_db(), get_cert_list(), uefi_check_ignore_db(), or load_moklist_certs() be called. Is there a need for adding a call to dmi_first_match() in any of these other functions? thanks, Mimi > > > > Like in all the other cases, there should be some sort of message. At > > minimum, there should be a pr_info(). > > > >> > >> if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) > >> return false; > >