| Message ID | 1460838870-1251174-1-git-send-email-arnd@arndb.de |
|---|---|
| State | New |
| Headers | show |
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index aab9b0a53edf..5487827fa86c 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -159,6 +159,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)" depends on SYSTEM_TRUSTED_KEYRING depends on SECONDARY_TRUSTED_KEYRING + depends on INTEGRITY_ASYMMETRIC_KEYS select INTEGRITY_TRUSTED_KEYRING default n help
The newly added CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY option only makes sense in combination with INTEGRITY_ASYMMETRIC_KEYS, otherwise we get a build error: warning: (IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY) selects INTEGRITY_TRUSTED_KEYRING which has unmet direct dependencies (INTEGRITY && SYSTEM_TRUSTED_KEYRING && INTEGRITY_ASYMMETRIC_KEYS) security/integrity/evm/evm_main.c: In function 'evm_load_x509': security/integrity/evm/evm_main.c:494:7: error: implicit declaration of function 'integrity_load_x509' rc = integrity_load_x509(INTEGRITY_KEYRING_EVM, CONFIG_EVM_X509_PATH); This adds a Kconfig dependency. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 9e1bbe8b8992 ("IMA: Use the the system trusted keyrings instead of .ima_mok") --- security/integrity/ima/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.7.0