Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f3d0e65 authored by Nayna Jain's avatar Nayna Jain Committed by Greg Kroah-Hartman
Browse files

ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig 



[ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ]

Time to remove "IMA_TRUSTED_KEYRING".

Fixes: f4dc3778 ("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+
Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent dbdc8289

security/integrity/ima/Kconfig

+0 −12
Original line number Diff line number Diff line
@@ -243,18 +243,6 @@ config IMA_APPRAISE_MODSIG 
	   The modsig keyword can be used in the IMA policy to allow a hook

	   to accept such signatures.



config IMA_TRUSTED_KEYRING

	bool "Require all keys on the .ima keyring be signed (deprecated)"

	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING

	depends on INTEGRITY_ASYMMETRIC_KEYS

	select INTEGRITY_TRUSTED_KEYRING

	default y

	help

	   This option requires that all keys added to the .ima

	   keyring be signed by a key on the system trusted keyring.



	   This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING



config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY

	bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"

	depends on SYSTEM_TRUSTED_KEYRING