Message ID | 20230809195315.1085656-6-nayna@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Enable loading local and third party keys on PowerVM guest | expand |
On Wed Aug 9, 2023 at 10:53 PM EEST, Nayna Jain wrote: > Update Kconfig to enable machine keyring and limit to CA certificates > on PowerVM. Only key signing CA keys are allowed. > > Signed-off-by: Nayna Jain <nayna@linux.ibm.com> > Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com> > > --- > security/integrity/Kconfig | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig > index ec6e0d789da1..232191ee09e3 100644 > --- a/security/integrity/Kconfig > +++ b/security/integrity/Kconfig > @@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING > depends on SECONDARY_TRUSTED_KEYRING > depends on INTEGRITY_ASYMMETRIC_KEYS > depends on SYSTEM_BLACKLIST_KEYRING > - depends on LOAD_UEFI_KEYS > + depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS > + select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS > + select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS > help > If set, provide a keyring to which Machine Owner Keys (MOK) may > be added. This keyring shall contain just MOK keys. Unlike keys > -- > 2.31.1 Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index ec6e0d789da1..232191ee09e3 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING depends on SECONDARY_TRUSTED_KEYRING depends on INTEGRITY_ASYMMETRIC_KEYS depends on SYSTEM_BLACKLIST_KEYRING - depends on LOAD_UEFI_KEYS + depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS + select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS + select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS help If set, provide a keyring to which Machine Owner Keys (MOK) may be added. This keyring shall contain just MOK keys. Unlike keys
Update Kconfig to enable machine keyring and limit to CA certificates on PowerVM. Only key signing CA keys are allowed. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com> --- security/integrity/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)