From: Paul Gortmaker <paul.gortma...@windriver.com> Unfortunately linux-stable backported this:
Subject: ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig From: Nayna Jain <na...@linux.ibm.com> [ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ] Time to remove "IMA_TRUSTED_KEYRING". ...to all releases still being maintained. stable-queue$git grep -l 5087fd9e80e539 releases/5.10.195/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch releases/5.15.132/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch releases/5.4.257/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch releases/6.1.53/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch releases/6.4.16/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch releases/6.5.3/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch So now when someone uses the feature, it triggers a do_kernel_configcheck warning when the audit runs. We added this file way back in 2019 so this fix will be needed on all active branches that are using an LTS linux-stable kernel listed above. Signed-off-by: Paul Gortmaker <paul.gortma...@windriver.com> diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg index acb5fd02986f..5fd3288e1986 100644 --- a/features/ima/ima.cfg +++ b/features/ima/ima.cfg @@ -13,7 +13,6 @@ CONFIG_IMA_APPRAISE_SIGNED_INIT=y CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y -CONFIG_IMA_TRUSTED_KEYRING=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_SIGNATURE=y CONFIG_IMA_WRITE_POLICY=y -- 2.40.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13387): https://lists.yoctoproject.org/g/linux-yocto/message/13387 Mute This Topic: https://lists.yoctoproject.org/mt/103013154/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
