[RFC PATCH v3 01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check

[Mimi Zohar]

Hi Eric,

On Thu, 2024-10-17 at 09:55 -0600, Eric Snowberg wrote:
> Remove the CONFIG_INTEGRITY_PLATFORM_KEYRING ifdef check so this
> pattern does not need to be repeated with new code.
> 
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>

Ok. The reason why testing the Kconfig is unnecessary should be included in the
patch description.  For example,

Commit 219a3e8676f3 ("integrity, KEYS: add a reference to platform keyring")
unnecessarily added the Kconfig test.  As platform_trusted_keys is already
initialized, simply use it.

Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>

> ---
>  certs/system_keyring.c | 6 ------
>  1 file changed, 6 deletions(-)
> 
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 9de610bf1f4b..e344cee10d28 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -24,9 +24,7 @@ static struct key *secondary_trusted_keys;
>  #ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
>  static struct key *machine_trusted_keys;
>  #endif
> -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
>  static struct key *platform_trusted_keys;
> -#endif
>  
>  extern __initconst const u8 system_certificate_list[];
>  extern __initconst const unsigned long system_certificate_list_size;
> @@ -345,11 +343,7 @@ int verify_pkcs7_message_sig(const void *data, size_t len,
>  		trusted_keys = builtin_trusted_keys;
>  #endif
>  	} else if (trusted_keys == VERIFY_USE_PLATFORM_KEYRING) {
> -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
>  		trusted_keys = platform_trusted_keys;
> -#else
> -		trusted_keys = NULL;
> -#endif
>  		if (!trusted_keys) {
>  			ret = -ENOKEY;
>  			pr_devel("PKCS#7 platform keyring is not available\n");