On Tue, 2019-01-15 at 23:47 +0800, Kairui Song wrote: > On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > > > On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote: > > [snip] > > > > > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c > > > index f45d6edecf99..bfabc2a8111d 100644 > > > --- a/security/integrity/digsig.c > > > +++ b/security/integrity/digsig.c > > > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm, > > > keyring[id] = NULL; > > > } > > > > > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > > + if (id == INTEGRITY_KEYRING_PLATFORM) { > > > + set_platform_trusted_keys(keyring[id]); > > > + } > > > +#endif > > > + > > > return err; > > > } > > > > > > > Any reason for setting it here as opposed to in the caller > > platform_keyring_init()? > > > > Mimi > > > > Yes, "keyring" is static so unless I expose it to other files, it is > only accessible here. And I think there should be no problem to put > the set_platform_trusted_keys here. Right, that's a really good reason. Mimi _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec