Hi Eric, On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote: > Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this > pattern does not need to be repeated with new code. > > Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx> Ok. The reason why testing the Kconfig is unnecessary should be included in the patch description. For example, Commit 219a3e8676f3 ("integrity, KEYS: add a reference to platform keyring") unnecessarily added the Kconfig test. As platform_trusted_keys is already initialized, simply use it. Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > --- > certs/system_keyring.c | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 9de610bf1f4b..e344cee10d28 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -24,9 +24,7 @@ static struct key *secondary_trusted_keys; > #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING > static struct key *machine_trusted_keys; > #endif > -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > static struct key *platform_trusted_keys; > -#endif > > extern __initconst const u8 system_certificate_list[]; > extern __initconst const unsigned long system_certificate_list_size; > @@ -345,11 +343,7 @@ int verify_pkcs7_message_sig(const void *data, size_t len, > trusted_keys = builtin_trusted_keys; > #endif > } else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) { > -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > trusted_keys = platform_trusted_keys; > -#else > - trusted_keys = NULL; > -#endif > if (!trusted_keys) { > ret = -ENOKEY; > pr_devel("PKCS#7 platform keyring is not available\n");