Re: [linux-yocto] [PATCH] features/ima: drop now retired IMA_TRUSTED_KEYRING option

Wed, 06 Dec 2023 12:57:27 -0800 

merged.

Bruce

In message: [PATCH] features/ima: drop now retired IMA_TRUSTED_KEYRING option
on 06/12/2023 paul.gortma...@windriver.com wrote:

> From: Paul Gortmaker <paul.gortma...@windriver.com>
> 
> Unfortunately linux-stable backported this:
> 
>   Subject: ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
> 
>   From: Nayna Jain <na...@linux.ibm.com>
> 
>   [ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ]
> 
>   Time to remove "IMA_TRUSTED_KEYRING".
> 
> ...to all releases still being maintained.
> 
> stable-queue$git grep -l 5087fd9e80e539
> releases/5.10.195/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> releases/5.15.132/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> releases/5.4.257/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> releases/6.1.53/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> releases/6.4.16/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> releases/6.5.3/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
> 
> So now when someone uses the feature, it triggers a do_kernel_configcheck
> warning when the audit runs.
> 
> We added this file way back in 2019 so this fix will be needed on all
> active branches that are using an LTS linux-stable kernel listed above.
> 
> Signed-off-by: Paul Gortmaker <paul.gortma...@windriver.com>
> 
> diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg
> index acb5fd02986f..5fd3288e1986 100644
> --- a/features/ima/ima.cfg
> +++ b/features/ima/ima.cfg
> @@ -13,7 +13,6 @@ CONFIG_IMA_APPRAISE_SIGNED_INIT=y
>  CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
>  CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
>  CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> -CONFIG_IMA_TRUSTED_KEYRING=y
>  CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
>  CONFIG_SIGNATURE=y
>  CONFIG_IMA_WRITE_POLICY=y
> -- 
> 2.40.0
> 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13388): 
https://lists.yoctoproject.org/g/linux-yocto/message/13388
Mute This Topic: https://lists.yoctoproject.org/mt/103013154/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: 
https://lists.yoctoproject.org/g/linux-yocto/leave/6687884/21656/624485779/xyzzy
 [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to