[PATCH] integrity: Update comment for load_moklist_certs()

Jarkko Sakkinen jarkko at kernel.org
Sun May 12 23:03:59 UTC 2024


On Sat May 11, 2024 at 6:22 AM EEST, Yusong Gao wrote:
> After commit 45fcd5e521cd ("integrity: add new keyring handler for
> mok keys"), the comment about load_moklist_certs() is out-of-date.
> Change keyring name from platform to machine.
>
> Signed-off-by: Yusong Gao <a869920004 at gmail.com>
> ---
>  security/integrity/platform_certs/load_uefi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index d1fdd113450a..e954776d3cfb 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -97,7 +97,7 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
>   * load_moklist_certs() - Load MokList certs
>   *
>   * Load the certs contained in the UEFI MokListRT database into the
> - * platform trusted keyring.
> + * machine keyring.
>   *
>   * This routine checks the EFI MOK config table first. If and only if
>   * that fails, this routine uses the MokListRT ordinary UEFI variable.

Alone pretty useless change to be honest. Can be fixed up when something
relevant is changed.

BR, Jarkko



More information about the Linux-security-module-archive mailing list