[PATCH v2 5/6] integrity: PowerVM machine keyring enablement

[PATCH v2 0/6] Enable loading local and third party keys on PowerVM guest · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
[PATCH v2 2/6] integrity: ignore keys failing CA restrictions on non-UEFI platform · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
[PATCH v2 4/6] integrity: check whether imputed trust is enabled · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
[PATCH v2 6/6] integrity: PowerVM support for loading third party code signing keys · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
Re: [PATCH v2 6/6] integrity: PowerVM support for loading third party code signing keys · "Jarkko Sakkinen" <jarkko@kernel.org> · 2023-08-10
[PATCH v2 1/6] integrity: PowerVM support for loading CA keys on machine keyring · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
[PATCH v2 5/6] integrity: PowerVM machine keyring enablement · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
Re: [PATCH v2 5/6] integrity: PowerVM machine keyring enablement · "Jarkko Sakkinen" <jarkko@kernel.org> · 2023-08-10
[PATCH v2 3/6] integrity: remove global variable from machine_keyring.c · Nayna Jain <nayna@linux.ibm.com> · 2023-08-09
Re: [PATCH v2 3/6] integrity: remove global variable from machine_keyring.c · "Jarkko Sakkinen" <jarkko@kernel.org> · 2023-08-10

STALE1031d

Revisions (4)

2023-07-14 v1 [diff vs current]
2023-08-09 v2 current
2023-08-13 v3 [diff vs current]
2023-08-15 v4 [diff vs current]

From: Nayna Jain <nayna@linux.ibm.com>
Date: 2023-08-09 20:29:04
Also in: linux-integrity, linuxppc-dev, lkml
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Update Kconfig to enable machine keyring and limit to CA certificates
on PowerVM. Only key signing CA keys are allowed.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: Mimi Zohar [off-list ref]

---
 security/integrity/Kconfig | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index ec6e0d789da1..232191ee09e3 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig

@@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING
 	depends on SECONDARY_TRUSTED_KEYRING
 	depends on INTEGRITY_ASYMMETRIC_KEYS
 	depends on SYSTEM_BLACKLIST_KEYRING
-	depends on LOAD_UEFI_KEYS
+	depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
+	select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
+	select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
 	help
 	 If set, provide a keyring to which Machine Owner Keys (MOK) may
 	 be added. This keyring shall contain just MOK keys.  Unlike keys

-- 
2.31.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help