| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACPcB9fQUNiD8UEVDa+bU67PZSOkckwhwD00Qvu4m3G0JmqqHQ@mail.gmail.com>
Date: Tue, 15 Jan 2019 23:47:39 +0800
From: Kairui Song <kasong@...hat.com>
To: Mimi Zohar <zohar@...ux.ibm.com>
Cc: linux-kernel@...r.kernel.org, David Howells <dhowells@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
jwboyer@...oraproject.org, keyrings@...r.kernel.org,
jmorris@...ei.org, serge@...lyn.com, bauerman@...ux.ibm.com,
Eric Biggers <ebiggers@...gle.com>, nayna@...ux.ibm.com,
Dave Young <dyoung@...hat.com>,
linux-integrity <linux-integrity@...r.kernel.org>,
kexec@...ts.infradead.org
Subject: Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring
On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar <zohar@...ux.ibm.com> wrote:
>
> On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote:
> [snip]
>
> > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> > index f45d6edecf99..bfabc2a8111d 100644
> > --- a/security/integrity/digsig.c
> > +++ b/security/integrity/digsig.c
> > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
> > keyring[id] = NULL;
> > }
> >
> > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> > + if (id == INTEGRITY_KEYRING_PLATFORM) {
> > + set_platform_trusted_keys(keyring[id]);
> > + }
> > +#endif
> > +
> > return err;
> > }
> >
>
> Any reason for setting it here as opposed to in the caller
> platform_keyring_init()?
>
> Mimi
>
Yes, "keyring" is static so unless I expose it to other files, it is
only accessible here. And I think there should be no problem to put
the set_platform_trusted_keys here.
--
Best Regards,
Kairui Song
Powered by blists - more mailing lists