2024-05-11 03:23:40

by Yusong Gao

[permalink] [raw]
Subject: [PATCH] integrity: Update comment for load_moklist_certs()

After commit 45fcd5e521cd ("integrity: add new keyring handler for
mok keys"), the comment about load_moklist_certs() is out-of-date.
Change keyring name from platform to machine.

Signed-off-by: Yusong Gao <[email protected]>
---
security/integrity/platform_certs/load_uefi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index d1fdd113450a..e954776d3cfb 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -97,7 +97,7 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
* load_moklist_certs() - Load MokList certs
*
* Load the certs contained in the UEFI MokListRT database into the
- * platform trusted keyring.
+ * machine keyring.
*
* This routine checks the EFI MOK config table first. If and only if
* that fails, this routine uses the MokListRT ordinary UEFI variable.
--
2.34.1



2024-05-12 23:04:12

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH] integrity: Update comment for load_moklist_certs()

On Sat May 11, 2024 at 6:22 AM EEST, Yusong Gao wrote:
> After commit 45fcd5e521cd ("integrity: add new keyring handler for
> mok keys"), the comment about load_moklist_certs() is out-of-date.
> Change keyring name from platform to machine.
>
> Signed-off-by: Yusong Gao <[email protected]>
> ---
> security/integrity/platform_certs/load_uefi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index d1fdd113450a..e954776d3cfb 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -97,7 +97,7 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
> * load_moklist_certs() - Load MokList certs
> *
> * Load the certs contained in the UEFI MokListRT database into the
> - * platform trusted keyring.
> + * machine keyring.
> *
> * This routine checks the EFI MOK config table first. If and only if
> * that fails, this routine uses the MokListRT ordinary UEFI variable.

Alone pretty useless change to be honest. Can be fixed up when something
relevant is changed.

BR, Jarkko