Skip to content

Commit

Permalink
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
Browse files Browse the repository at this point in the history
[ Upstream commit be210c6 ]

The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509
and IMA_BLACKLIST_KEYRING unavailable because the latter
two depend on the former. Since IMA_TRUSTED_KEYRING was
deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it
as a dependency for the two Kconfigs affected by the
deprecation.

Fixes: 5087fd9 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: Oleksandr Tymoshenko <[email protected]>
Reviewed-by: Nayna Jain <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
  • Loading branch information
gonzoua authored and gregkh committed Oct 10, 2023
1 parent dfce401 commit acf11f6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions security/integrity/ima/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
config IMA_BLACKLIST_KEYRING
bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
depends on SYSTEM_TRUSTED_KEYRING
depends on IMA_TRUSTED_KEYRING
depends on INTEGRITY_TRUSTED_KEYRING
default n
help
This option creates an IMA blacklist keyring, which contains all
Expand All @@ -278,7 +278,7 @@ config IMA_BLACKLIST_KEYRING

config IMA_LOAD_X509
bool "Load X509 certificate onto the '.ima' trusted keyring"
depends on IMA_TRUSTED_KEYRING
depends on INTEGRITY_TRUSTED_KEYRING
default n
help
File signature verification is based on the public keys
Expand Down

0 comments on commit acf11f6

Please sign in to comment.