> On Nov 6, 2023, at 12:33 PM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > Hi Eric, > > The subject line is referred to as the 'summary' phrase. As far as I'm > aware the length is still between 70-75 charcaters. Refer to > https://www.kernel.org/doc/Documentation/process/submitting-patches.rst > . > > On Thu, 2023-11-02 at 13:06 -0400, Eric Snowberg wrote: >> When the machine keyring is enabled, it may be used as a trust source >> for the .ima keyring. Add a reference to this in >> IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY. >> >> Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx> >> --- >> security/integrity/ima/Kconfig | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> >> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig >> index a6bd817efc1a..c5dc0fabbc8b 100644 >> --- a/security/integrity/ima/Kconfig >> +++ b/security/integrity/ima/Kconfig >> @@ -243,7 +243,7 @@ config IMA_APPRAISE_MODSIG >> to accept such signatures. >> >> config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY >> - bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)" >> + bool "Permit keys validly signed by a built-in, secondary or machine CA cert (EXPERIMENTAL)" > > Please add 'machine' in between built-in and secondary, like described > below. I'll make both changes and send out a new version, thanks.
