Commit be210c6d authored by Oleksandr Tymoshenko's avatar Oleksandr Tymoshenko Committed by Mimi Zohar
Browse files

ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig 



The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509
and IMA_BLACKLIST_KEYRING unavailable because the latter
two depend on the former. Since IMA_TRUSTED_KEYRING was
deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it
as a dependency for the two Kconfigs affected by the
deprecation.

Fixes: 5087fd9e ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: default avatarOleksandr Tymoshenko <ovt@google.com>
Reviewed-by: default avatarNayna Jain <nayna@linux.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 6465e260

security/integrity/ima/Kconfig

+2 −2
Original line number Diff line number Diff line
@@ -269,7 +269,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY 
config IMA_BLACKLIST_KEYRING

	bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"

	depends on SYSTEM_TRUSTED_KEYRING

	depends on IMA_TRUSTED_KEYRING

	depends on INTEGRITY_TRUSTED_KEYRING

	default n

	help

	   This option creates an IMA blacklist keyring, which contains all
@@ -279,7 +279,7 @@ config IMA_BLACKLIST_KEYRING 


config IMA_LOAD_X509

	bool "Load X509 certificate onto the '.ima' trusted keyring"

	depends on IMA_TRUSTED_KEYRING

	depends on INTEGRITY_TRUSTED_KEYRING

	default n

	help

	   File signature verification is based on the public keys