mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 13:53:33 +00:00
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
Time to remove "IMA_TRUSTED_KEYRING".
Fixes: f4dc37785e
("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
parent
5d0c230f1d
commit
5087fd9e80
1 changed files with 0 additions and 12 deletions
|
@ -248,18 +248,6 @@ config IMA_APPRAISE_MODSIG
|
||||||
The modsig keyword can be used in the IMA policy to allow a hook
|
The modsig keyword can be used in the IMA policy to allow a hook
|
||||||
to accept such signatures.
|
to accept such signatures.
|
||||||
|
|
||||||
config IMA_TRUSTED_KEYRING
|
|
||||||
bool "Require all keys on the .ima keyring be signed (deprecated)"
|
|
||||||
depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
|
|
||||||
depends on INTEGRITY_ASYMMETRIC_KEYS
|
|
||||||
select INTEGRITY_TRUSTED_KEYRING
|
|
||||||
default y
|
|
||||||
help
|
|
||||||
This option requires that all keys added to the .ima
|
|
||||||
keyring be signed by a key on the system trusted keyring.
|
|
||||||
|
|
||||||
This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
|
|
||||||
|
|
||||||
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
|
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
|
||||||
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
|
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
|
||||||
depends on SYSTEM_TRUSTED_KEYRING
|
depends on SYSTEM_TRUSTED_KEYRING
|
||||||
|
|
Loading…
Reference in a new issue