[PATCH 3/3] integrity: Remove EXPERIMENTAL from Kconfig

Jarkko Sakkinen jarkko at kernel.org
Wed May 10 22:42:08 UTC 2023


On Tue May 9, 2023 at 1:07 AM EEST, Eric Snowberg wrote:
> Remove the EXPERIMENTAL from the
> IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY Kconfig
> now that digitalSignature usage enforcement is set.
>
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
> ---
>  security/integrity/ima/Kconfig | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index 684425936c53..225c92052a4d 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -261,7 +261,7 @@ config IMA_TRUSTED_KEYRING
>  	   This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
>  
>  config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
> -	bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
> +	bool "Permit keys validly signed by a built-in or secondary CA cert"
>  	depends on SYSTEM_TRUSTED_KEYRING
>  	depends on SECONDARY_TRUSTED_KEYRING
>  	depends on INTEGRITY_ASYMMETRIC_KEYS
> -- 
> 2.27.0

Acked-by: Jarkko Sakkinen <jarkko at kernel.org>

BR, Jarkko



More information about the Linux-security-module-archive mailing list