| Message ID | 20241017155516.2582369-2-eric.snowberg@oracle.com |
|---|---|
| State | New |
| Headers | show |
| Series | Clavis LSM | expand |
Hi Eric, On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote: > Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this > pattern does not need to be repeated with new code. > > Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Ok. The reason why testing the Kconfig is unnecessary should be included in the patch description. For example, Commit 219a3e8676f3 ("integrity, KEYS: add a reference to platform keyring") unnecessarily added the Kconfig test. As platform_trusted_keys is already initialized, simply use it. Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> > --- > certs/system_keyring.c | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 9de610bf1f4b..e344cee10d28 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -24,9 +24,7 @@ static struct key *secondary_trusted_keys; > #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING > static struct key *machine_trusted_keys; > #endif > -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > static struct key *platform_trusted_keys; > -#endif > > extern __initconst const u8 system_certificate_list[]; > extern __initconst const unsigned long system_certificate_list_size; > @@ -345,11 +343,7 @@ int verify_pkcs7_message_sig(const void *data, size_t len, > trusted_keys = builtin_trusted_keys; > #endif > } else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) { > -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING > trusted_keys = platform_trusted_keys; > -#else > - trusted_keys = NULL; > -#endif > if (!trusted_keys) { > ret = -ENOKEY; > pr_devel("PKCS#7 platform keyring is not available\n");
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 9de610bf1f4b..e344cee10d28 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -24,9 +24,7 @@ static struct key *secondary_trusted_keys; #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING static struct key *machine_trusted_keys; #endif -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING static struct key *platform_trusted_keys; -#endif extern __initconst const u8 system_certificate_list[]; extern __initconst const unsigned long system_certificate_list_size; @@ -345,11 +343,7 @@ int verify_pkcs7_message_sig(const void *data, size_t len, trusted_keys = builtin_trusted_keys; #endif } else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) { -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING trusted_keys = platform_trusted_keys; -#else - trusted_keys = NULL; -#endif if (!trusted_keys) { ret = -ENOKEY; pr_devel("PKCS#7 platform keyring is not available\n");
Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this pattern does not need to be repeated with new code. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> --- certs/system_keyring.c | 6 ------ 1 file changed, 6 deletions(-)