On 2020-07-30 11:02:50, Lakshmi Ramasubramanian wrote: > On 7/29/20 8:47 PM, Lakshmi Ramasubramanian wrote: > > Hi Tyler, > > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > > index 080c53545ff0..86cba844f73c 100644 > > --- a/security/integrity/ima/Kconfig > > +++ b/security/integrity/ima/Kconfig > > @@ -322,10 +322,9 @@ config IMA_MEASURE_ASYMMETRIC_KEYS > > depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y > > default y > > -config IMA_QUEUE_EARLY_BOOT_KEYS > > +config IMA_QUEUE_EARLY_BOOT_DATA > > bool > > - depends on IMA_MEASURE_ASYMMETRIC_KEYS > > - depends on SYSTEM_TRUSTED_KEYRING > > + depends on SECURITY || (IMA_MEASURE_ASYMMETRIC_KEYS && SYSTEM_TRUSTED_KEYRING) > > default y > Similar to the change you'd suggested for validating LSM_STATE and > LSM_POLICY func, I think IMA_QUEUE_EARLY_BOOT_DATA config should be enabled > for SECURITY_SELINUX. > > depends on SECURITY_SELINUX || > (IMA_MEASURE_ASYMMETRIC_KEYS && SYSTEM_TRUSTED_KEYRING) > > And, when more security modules are added update this CONFIG as appropriate. > > Does that sound okay? Yes, I think so. Tyler > > -lakshmi
