Re: [PATCH v2 5/6] integrity: PowerVM machine keyring enablement
From: "Jarkko Sakkinen" <jarkko@kernel.org>
Date: 2023-08-10 21:30:55
Also in:
linux-integrity, linuxppc-dev, lkml
From: "Jarkko Sakkinen" <jarkko@kernel.org>
Date: 2023-08-10 21:30:55
Also in:
linux-integrity, linuxppc-dev, lkml
On Wed Aug 9, 2023 at 10:53 PM EEST, Nayna Jain wrote:
Update Kconfig to enable machine keyring and limit to CA certificates on PowerVM. Only key signing CA keys are allowed. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-and-tested-by: Mimi Zohar [off-list ref] --- security/integrity/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index ec6e0d789da1..232191ee09e3 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig@@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING depends on SECONDARY_TRUSTED_KEYRING depends on INTEGRITY_ASYMMETRIC_KEYS depends on SYSTEM_BLACKLIST_KEYRING - depends on LOAD_UEFI_KEYS + depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS + select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS + select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS help If set, provide a keyring to which Machine Owner Keys (MOK) may be added. This keyring shall contain just MOK keys. Unlike keys-- 2.31.1
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko