On Wed Aug 9, 2023 at 10:53 PM EEST, Nayna Jain wrote: > Update Kconfig to enable machine keyring and limit to CA certificates > on PowerVM. Only key signing CA keys are allowed. > > Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx> > Reviewed-and-tested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > --- > security/integrity/Kconfig | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig > index ec6e0d789da1..232191ee09e3 100644 > --- a/security/integrity/Kconfig > +++ b/security/integrity/Kconfig > @@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING > depends on SECONDARY_TRUSTED_KEYRING > depends on INTEGRITY_ASYMMETRIC_KEYS > depends on SYSTEM_BLACKLIST_KEYRING > - depends on LOAD_UEFI_KEYS > + depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS > + select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS > + select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS > help > If set, provide a keyring to which Machine Owner Keys (MOK) may > be added. This keyring shall contain just MOK keys. Unlike keys > -- > 2.31.1 Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> BR, Jarkko
