LoadPin: Fix Kconfig doc about format of file with verity digests

The doc for CONFIG_SECURITY_LOADPIN_VERITY says that the file with verity
digests must contain a comma separated list of digests. That was the case
at some stage of the development, but was changed during the review
process to one digest per line. Update the Kconfig doc accordingly.

Reported-by: Jae Hoon Kim <kimjae@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Fixes: 3f805f8cc2 ("LoadPin: Enable loading from trusted dm-verity devices")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220829174557.1.I5d202d1344212a3800d9828f936df6511eb2d0d1@changeid
This commit is contained in:
Matthias Kaehlcke 2022-08-29 17:46:10 -07:00 committed by Kees Cook
parent ba38961a06
commit aafc203bba
1 changed files with 1 additions and 1 deletions

View File

@ -33,4 +33,4 @@ config SECURITY_LOADPIN_VERITY
on the LoadPin securityfs entry 'dm-verity'. The ioctl on the LoadPin securityfs entry 'dm-verity'. The ioctl
expects a file descriptor of a file with verity digests as expects a file descriptor of a file with verity digests as
parameter. The file must be located on the pinned root and parameter. The file must be located on the pinned root and
contain a comma separated list of digests. contain one digest per line.