On Wed, 2020-02-26 at 11:21 -0800, Lakshmi Ramasubramanian wrote: > Hi Nayna, > > > + > > +config IMA_SECURE_AND_OR_TRUSTED_BOOT > > + bool > > + depends on IMA > > + depends on IMA_ARCH_POLICY > > + default n > > + help > > + This option is selected by architectures to enable secure and/or > > + trusted boot based on IMA runtime policies. > > > > Why is the default for this new config "n"? > Is there any reason to not turn on this config if both IMA and > IMA_ARCH_POLICY are set to y? Good catch. Having "IMA_SECURE_AND_OR_TRUSTED_BOOT" depend on "IMA_ARCH_POLICY" doesn't make sense. "IMA_ARCH_POLICY" needs to be selected. thanks, Mimi
