Commit 5087fd9e authored by Nayna Jain's avatar Nayna Jain Committed by Mimi Zohar
Browse files

ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig 



Time to remove "IMA_TRUSTED_KEYRING".

Fixes: f4dc3778 ("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+
Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 5d0c230f

security/integrity/ima/Kconfig

+0 −12
Original line number Diff line number Diff line
@@ -248,18 +248,6 @@ config IMA_APPRAISE_MODSIG 
	   The modsig keyword can be used in the IMA policy to allow a hook

	   to accept such signatures.



config IMA_TRUSTED_KEYRING

	bool "Require all keys on the .ima keyring be signed (deprecated)"

	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING

	depends on INTEGRITY_ASYMMETRIC_KEYS

	select INTEGRITY_TRUSTED_KEYRING

	default y

	help

	   This option requires that all keys added to the .ima

	   keyring be signed by a key on the system trusted keyring.



	   This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING



config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY

	bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"

	depends on SYSTEM_TRUSTED_KEYRING