Commit d7d91c47 authored by Nayna Jain's avatar Nayna Jain Committed by Jarkko Sakkinen
Browse files

integrity: PowerVM machine keyring enablement 



Update Kconfig to enable machine keyring and limit to CA certificates
on PowerVM. Only key signing CA keys are allowed.

Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Tested-by: default avatarNageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
parent 4cb1ed94

security/integrity/Kconfig

+3 −1
Original line number Diff line number Diff line
@@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING 
	depends on SECONDARY_TRUSTED_KEYRING

	depends on INTEGRITY_ASYMMETRIC_KEYS

	depends on SYSTEM_BLACKLIST_KEYRING

	depends on LOAD_UEFI_KEYS

	depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS

	select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS

	select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS

	help

	 If set, provide a keyring to which Machine Owner Keys (MOK) may

	 be added. This keyring shall contain just MOK keys.  Unlike keys