This is a note to let you know that I've just added the patch titled
integrity: powerpc: Do not select CA_MACHINE_KEYRING
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
integrity-powerpc-do-not-select-ca_machine_keyring.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 3edc22655647378dea01900f7b04e017ff96bda9 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@xxxxxxx>
Date: Thu, 7 Sep 2023 18:52:19 +0200
Subject: integrity: powerpc: Do not select CA_MACHINE_KEYRING
From: Michal Suchanek <msuchanek@xxxxxxx>
commit 3edc22655647378dea01900f7b04e017ff96bda9 upstream.
No other platform needs CA_MACHINE_KEYRING, either.
This is policy that should be decided by the administrator, not Kconfig
dependencies.
Cc: stable@xxxxxxxxxxxxxxx # v6.6+
Fixes: d7d91c4743c4 ("integrity: PowerVM machine keyring enablement")
Signed-off-by: Michal Suchanek <msuchanek@xxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
security/integrity/Kconfig | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 232191ee09e3..b6e074ac0227 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -68,8 +68,6 @@ config INTEGRITY_MACHINE_KEYRING
depends on INTEGRITY_ASYMMETRIC_KEYS
depends on SYSTEM_BLACKLIST_KEYRING
depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
- select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
- select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
help
If set, provide a keyring to which Machine Owner Keys (MOK) may
be added. This keyring shall contain just MOK keys. Unlike keys
--
2.43.0
Patches currently in stable-queue which might be from msuchanek@xxxxxxx are
queue-6.6/integrity-powerpc-do-not-select-ca_machine_keyring.patch
