Skip to content

Commit

Permalink
integrity: PowerVM machine keyring enablement
Browse files Browse the repository at this point in the history 
Update Kconfig to enable machine keyring and limit to CA certificates
on PowerVM. Only key signing CA keys are allowed.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
  • Loading branch information
@naynajain @jarkkojs
naynajain authored and jarkkojs committed Aug 17, 2023
1 parent 4cb1ed9 commit d7d91c4
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion security/integrity/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING
depends on SECONDARY_TRUSTED_KEYRING
depends on INTEGRITY_ASYMMETRIC_KEYS
depends on SYSTEM_BLACKLIST_KEYRING
depends on LOAD_UEFI_KEYS
depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
help
If set, provide a keyring to which Machine Owner Keys (MOK) may
be added. This keyring shall contain just MOK keys. Unlike keys
Expand Down

0 comments on commit d7d91c4

Please sign in to comment.