Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'integrity-v6.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity fixes from Mimi Zohar:
"Two additional patches to fix the removal of the deprecated
IMA_TRUSTED_KEYRING Kconfig"

* tag 'integrity-v6.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
ima: rework CONFIG_IMA dependency block
ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig

+8 -14
security/integrity/ima/Kconfig
··· 29 29 to learn more about IMA. 30 30 If unsure, say N. 31 31 32 + if IMA 33 + 32 34 config IMA_KEXEC 33 35 bool "Enable carrying the IMA measurement list across a soft boot" 34 - depends on IMA && TCG_TPM && HAVE_IMA_KEXEC 36 + depends on TCG_TPM && HAVE_IMA_KEXEC 35 37 default n 36 38 help 37 39 TPM PCRs are only reset on a hard reboot. In order to validate ··· 45 43 46 44 config IMA_MEASURE_PCR_IDX 47 45 int 48 - depends on IMA 49 46 range 8 14 50 47 default 10 51 48 help ··· 54 53 55 54 config IMA_LSM_RULES 56 55 bool 57 - depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR) 56 + depends on AUDIT && (SECURITY_SELINUX || SECURITY_SMACK || SECURITY_APPARMOR) 58 57 default y 59 58 help 60 59 Disabling this option will disregard LSM based policy rules. ··· 62 61 choice 63 62 prompt "Default template" 64 63 default IMA_NG_TEMPLATE 65 - depends on IMA 66 64 help 67 65 Select the default IMA measurement template. 68 66 ··· 80 80 81 81 config IMA_DEFAULT_TEMPLATE 82 82 string 83 - depends on IMA 84 83 default "ima-ng" if IMA_NG_TEMPLATE 85 84 default "ima-sig" if IMA_SIG_TEMPLATE 86 85 87 86 choice 88 87 prompt "Default integrity hash algorithm" 89 88 default IMA_DEFAULT_HASH_SHA1 90 - depends on IMA 91 89 help 92 90 Select the default hash algorithm used for the measurement 93 91 list, integrity appraisal and audit log. The compiled default ··· 115 117 116 118 config IMA_DEFAULT_HASH 117 119 string 118 - depends on IMA 119 120 default "sha1" if IMA_DEFAULT_HASH_SHA1 120 121 default "sha256" if IMA_DEFAULT_HASH_SHA256 121 122 default "sha512" if IMA_DEFAULT_HASH_SHA512 ··· 123 126 124 127 config IMA_WRITE_POLICY 125 128 bool "Enable multiple writes to the IMA policy" 126 - depends on IMA 127 129 default n 128 130 help 129 131 IMA policy can now be updated multiple times. 
The new rules get ··· 133 137 134 138 config IMA_READ_POLICY 135 139 bool "Enable reading back the current IMA policy" 136 - depends on IMA 137 140 default y if IMA_WRITE_POLICY 138 141 default n if !IMA_WRITE_POLICY 139 142 help ··· 142 147 143 148 config IMA_APPRAISE 144 149 bool "Appraise integrity measurements" 145 - depends on IMA 146 150 default n 147 151 help 148 152 This option enables local measurement integrity appraisal. ··· 263 269 config IMA_BLACKLIST_KEYRING 264 270 bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)" 265 271 depends on SYSTEM_TRUSTED_KEYRING 266 - depends on IMA_TRUSTED_KEYRING 272 + depends on INTEGRITY_TRUSTED_KEYRING 267 273 default n 268 274 help 269 275 This option creates an IMA blacklist keyring, which contains all ··· 273 279 274 280 config IMA_LOAD_X509 275 281 bool "Load X509 certificate onto the '.ima' trusted keyring" 276 - depends on IMA_TRUSTED_KEYRING 282 + depends on INTEGRITY_TRUSTED_KEYRING 277 283 default n 278 284 help 279 285 File signature verification is based on the public keys ··· 298 304 299 305 config IMA_MEASURE_ASYMMETRIC_KEYS 300 306 bool 301 - depends on IMA 302 307 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y 303 308 default y 304 309 ··· 316 323 317 324 config IMA_DISABLE_HTABLE 318 325 bool "Disable htable to allow measurement of duplicate records" 319 - depends on IMA 320 326 default n 321 327 help 322 328 This option disables htable to allow measurement of duplicate records. 329 + 330 + endif
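Review bot: the bare `endif` added at new line 330 closes an `if IMA` opened at new line 32, roughly 300 lines earlier, and nothing at the bottom of the file says which block it closes. A trailing comment such as `endif # IMA` would make the scope visible to whoever appends the next option. An entry added after the `endif` would silently lose the IMA dependency that every `depends on IMA` line removed in these hunks used to state explicitly.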
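Review bot: in the IMA_BLACKLIST_KEYRING and IMA_LOAD_X509 hunks (new lines 269-286), the replacement `depends on INTEGRITY_TRUSTED_KEYRING` names a symbol that none of the visible hunks define, and neither entry shows a `depends on IMA` of its own. Their IMA gate therefore comes only from the enclosing `if IMA` block introduced by the other patch in this pull. The changelog should state that ordering requirement. It should also note the user-visible effect: both options default to n, so it is worth checking with an existing .config that CONFIG_IMA_LOAD_X509 and CONFIG_IMA_BLACKLIST_KEYRING keep their previous values after the dependency swap, otherwise the certificate load onto the '.ima' keyring is dropped without any build error.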