This is a note to let you know that I've just added the patch titled integrity: powerpc: Do not select CA_MACHINE_KEYRING to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: integrity-powerpc-do-not-select-ca_machine_keyring.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 3edc22655647378dea01900f7b04e017ff96bda9 Mon Sep 17 00:00:00 2001 From: Michal Suchanek <msuchanek@xxxxxxx> Date: Thu, 7 Sep 2023 18:52:19 +0200 Subject: integrity: powerpc: Do not select CA_MACHINE_KEYRING From: Michal Suchanek <msuchanek@xxxxxxx> commit 3edc22655647378dea01900f7b04e017ff96bda9 upstream. No other platform needs CA_MACHINE_KEYRING, either. This is policy that should be decided by the administrator, not Kconfig dependencies. Cc: stable@xxxxxxxxxxxxxxx # v6.6+ Fixes: d7d91c4743c4 ("integrity: PowerVM machine keyring enablement") Signed-off-by: Michal Suchanek <msuchanek@xxxxxxx> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- security/integrity/Kconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 232191ee09e3..b6e074ac0227 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -68,8 +68,6 @@ config INTEGRITY_MACHINE_KEYRING depends on INTEGRITY_ASYMMETRIC_KEYS depends on SYSTEM_BLACKLIST_KEYRING depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS - select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS - select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS help If set, provide a keyring to which Machine Owner Keys (MOK) may be added. This keyring shall contain just MOK keys. Unlike keys -- 2.43.0 Patches currently in stable-queue which might be from msuchanek@xxxxxxx are queue-6.6/integrity-powerpc-do-not-select-ca_machine_keyring.patch