summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNayna Jain <nayna@linux.ibm.com>2023-08-15 07:27:21 -0400
committerJarkko Sakkinen <jarkko@kernel.org>2023-08-17 20:12:35 +0000
commitd7d91c4743c4ef0f60b7556d2794b6dd27cda373 (patch)
tree12ed7a75661f35058dfbe0c55e606f17d44b0800
parent4cb1ed94f18047d0863f976bc95aa7c0584cc51c (diff)
integrity: PowerVM machine keyring enablement
Update Kconfig to enable machine keyring and limit to CA certificates on PowerVM. Only key signing CA keys are allowed. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
-rw-r--r--security/integrity/Kconfig4
1 files changed, 3 insertions, 1 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index ec6e0d789da1..232191ee09e3 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING
depends on SECONDARY_TRUSTED_KEYRING
depends on INTEGRITY_ASYMMETRIC_KEYS
depends on SYSTEM_BLACKLIST_KEYRING
- depends on LOAD_UEFI_KEYS
+ depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
+ select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
+ select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
help
If set, provide a keyring to which Machine Owner Keys (MOK) may
be added. This keyring shall contain just MOK keys. Unlike keys