From: Kairui Song
Date: Tue, 15 Jan 2019 23:47:39 +0800
Subject: Re: [RFC PATCH v2 1/2] integrity, KEYS: add a reference to platform keyring
To: Mimi Zohar
Cc: linux-kernel@vger.kernel.org, David Howells, David Woodhouse, jwboyer@fedoraproject.org, keyrings@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, bauerman@linux.ibm.com, Eric Biggers, nayna@linux.ibm.com, Dave Young, linux-integrity, kexec@lists.infradead.org

On Tue, Jan 15, 2019 at 11:34 PM Mimi Zohar wrote:
>
> On Tue, 2019-01-15 at 17:45 +0800, Kairui Song wrote:
> [snip]
>
> > diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
> > index f45d6edecf99..bfabc2a8111d 100644
> > --- a/security/integrity/digsig.c
> > +++ b/security/integrity/digsig.c
> > @@ -89,6 +89,12 @@ static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
> > keyring[id] = NULL;
> > }
> >
> > +#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> > + if (id == INTEGRITY_KEYRING_PLATFORM) {
> > + set_platform_trusted_keys(keyring[id]);
> > + }
> > +#endif
> > +
> > return err;
> > }
> >
>
> Any reason for setting it here as opposed to in the caller
> platform_keyring_init()?
>
> Mimi
>

Yes, "keyring" is static so unless I expose it to other files, it is
only accessible here. And I think there should be no problem to put
the set_platform_trusted_keys here.

--
Best Regards,
Kairui Song
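
Review bot: The added call in __integrity_init_keyring() runs unconditionally before `return err;`, directly after the context lines that end with `keyring[id] = NULL;`, so on the path that has just cleared the keyring it passes NULL to set_platform_trusted_keys() and the error in `err` plays no part in the decision. Consider publishing the reference only on success, for example by guarding with `if (!err && id == INTEGRITY_KEYRING_PLATFORM)` or by moving the call into the success side of the preceding check, so the platform keyring pointer seen by other code is never set from a failed init. Two style points on the same lines: kernel coding style drops the braces around a single-statement `if`, and the `#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING` in the function body can be avoided by giving set_platform_trusted_keys() an empty static inline stub in its header when the option is off.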