merged. Bruce
In message: [PATCH] features/ima: drop now retired IMA_TRUSTED_KEYRING option on 06/12/2023 paul.gortma...@windriver.com wrote: > From: Paul Gortmaker <paul.gortma...@windriver.com> > > Unfortunately linux-stable backported this: > > Subject: ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig > > From: Nayna Jain <na...@linux.ibm.com> > > [ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ] > > Time to remove "IMA_TRUSTED_KEYRING". > > ...to all releases still being maintained. > > stable-queue$git grep -l 5087fd9e80e539 > releases/5.10.195/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > releases/5.15.132/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > releases/5.4.257/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > releases/6.1.53/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > releases/6.4.16/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > releases/6.5.3/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch > > So now when someone uses the feature, it triggers a do_kernel_configcheck > warning when the audit runs. > > We added this file way back in 2019 so this fix will be needed on all > active branches that are using an LTS linux-stable kernel listed above. > > Signed-off-by: Paul Gortmaker <paul.gortma...@windriver.com> > > diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg > index acb5fd02986f..5fd3288e1986 100644 > --- a/features/ima/ima.cfg > +++ b/features/ima/ima.cfg > @@ -13,7 +13,6 @@ CONFIG_IMA_APPRAISE_SIGNED_INIT=y > CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > -CONFIG_IMA_TRUSTED_KEYRING=y > CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y > CONFIG_SIGNATURE=y > CONFIG_IMA_WRITE_POLICY=y > -- > 2.40.0 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13388): https://lists.yoctoproject.org/g/linux-yocto/message/13388 Mute This Topic: https://lists.yoctoproject.org/mt/103013154/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/leave/6687884/21656/624485779/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-