On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote: > [snip] > > > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c > > index f45d6edecf99..bfabc2a8111d 100644 > > --- a/security/integrity/digsig.c > > +++ b/security/integrity/digsig.c > > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm, > > keyring[id] = NULL; > > } > > > > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > > + if (id == INTEGRITY_KEYRING_PLATFORM) { > > + set_platform_trusted_keys(keyring[id]); > > + } > > +#endif > > + > > return err; > > } > > > > Any reason for setting it here as opposed to in the caller > platform_keyring_init()? > > Mimi > Yes, "keyring" is static so unless I expose it to other files, it is only accessible here. And I think there should be no problem to put the set_platform_trusted_keys here. -- Best Regards, Kairui Song