LoadPin: Fix Kconfig doc about format of file with verity digests

commit aafc203bbad4bf6cf394a34ea698c2b0b8affae0 upstream.

The doc for CONFIG_SECURITY_LOADPIN_VERITY says that the file with verity
digests must contain a comma separated list of digests. That was the case
at some stage of the development, but was changed during the review
process to one digest per line. Update the Kconfig doc accordingly.

Reported-by: Jae Hoon Kim <kimjae@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Fixes: 3f805f8cc23b ("LoadPin: Enable loading from trusted dm-verity devices")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220829174557.1.I5d202d1344212a3800d9828f936df6511eb2d0d1@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
index 70e7985b2561c2ac0b6f3f99cf319caa5f03c783..994c1d9376e6b2bff820d9f5956e14f6ef031e0f 100644 (file)
--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -33,4 +33,4 @@ config SECURITY_LOADPIN_VERITY
          on the LoadPin securityfs entry 'dm-verity'. The ioctl
          expects a file descriptor of a file with verity digests as
          parameter. The file must be located on the pinned root and
-         contain a comma separated list of digests.
+         contain one digest per line.