mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-05 00:20:32 +00:00
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
[ Upstream commit5087fd9e80
] Time to remove "IMA_TRUSTED_KEYRING". Fixes:f4dc37785e
("integrity: define '.evm' as a builtin 'trusted' keyring") # v4.5+ Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
e2d1c9b397
commit
524f23b082
1 changed files with 0 additions and 12 deletions
|
@ -248,18 +248,6 @@ config IMA_APPRAISE_MODSIG
|
||||||
The modsig keyword can be used in the IMA policy to allow a hook
|
The modsig keyword can be used in the IMA policy to allow a hook
|
||||||
to accept such signatures.
|
to accept such signatures.
|
||||||
|
|
||||||
config IMA_TRUSTED_KEYRING
|
|
||||||
bool "Require all keys on the .ima keyring be signed (deprecated)"
|
|
||||||
depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
|
|
||||||
depends on INTEGRITY_ASYMMETRIC_KEYS
|
|
||||||
select INTEGRITY_TRUSTED_KEYRING
|
|
||||||
default y
|
|
||||||
help
|
|
||||||
This option requires that all keys added to the .ima
|
|
||||||
keyring be signed by a key on the system trusted keyring.
|
|
||||||
|
|
||||||
This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING
|
|
||||||
|
|
||||||
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
|
config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
|
||||||
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
|
bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)"
|
||||||
depends on SYSTEM_TRUSTED_KEYRING
|
depends on SYSTEM_TRUSTED_KEYRING
|
||||||
|
|
Loading…
Reference in a new issue