[PATCH v4 5/6] integrity: PowerVM machine keyring enablement

R Nageswara Sastry rnsastry at linux.ibm.com
Wed Aug 16 14:42:01 UTC 2023



On 15/08/23 4:57 pm, Nayna Jain wrote:
> Update Kconfig to enable machine keyring and limit to CA certificates
> on PowerVM. Only key signing CA keys are allowed.
> 
> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
> Reviewed-and-tested-by: Mimi Zohar <zohar at linux.ibm.com>
> Reviewed-by: Jarkko Sakkinen <jarkko at kernel.org>

Tested with trustedcadb, moduledb scenarios
Tested-by: Nageswara R Sastry <rnsastry at linux.ibm.com>

> ---
>   security/integrity/Kconfig | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
> index ec6e0d789da1..232191ee09e3 100644
> --- a/security/integrity/Kconfig
> +++ b/security/integrity/Kconfig
> @@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING
>   	depends on SECONDARY_TRUSTED_KEYRING
>   	depends on INTEGRITY_ASYMMETRIC_KEYS
>   	depends on SYSTEM_BLACKLIST_KEYRING
> -	depends on LOAD_UEFI_KEYS
> +	depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
> +	select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
> +	select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
>   	help
>   	 If set, provide a keyring to which Machine Owner Keys (MOK) may
>   	 be added. This keyring shall contain just MOK keys.  Unlike keys

-- 
Thanks and Regards
R.Nageswara Sastry



More information about the Linux-security-module-archive mailing list