From: Nayna Jain <nayna@linux.ibm.com>
Date: Tue, 15 Aug 2023 11:27:21 +0000 (-0400)
Subject: integrity: PowerVM machine keyring enablement
X-Git-Tag: v6.6.7~2091^2~9
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d7d91c4743c4ef0f60b7556d2794b6dd27cda373;p=platform%2Fkernel%2Flinux-starfive.git

integrity: PowerVM machine keyring enablement

Update Kconfig to enable machine keyring and limit to CA certificates
on PowerVM. Only key signing CA keys are allowed.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-and-tested-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---

diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index ec6e0d7..232191e 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -67,7 +67,9 @@ config INTEGRITY_MACHINE_KEYRING
 	depends on SECONDARY_TRUSTED_KEYRING
 	depends on INTEGRITY_ASYMMETRIC_KEYS
 	depends on SYSTEM_BLACKLIST_KEYRING
-	depends on LOAD_UEFI_KEYS
+	depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
+	select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
+	select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
 	help
 	 If set, provide a keyring to which Machine Owner Keys (MOK) may
 	 be added. This keyring shall contain just MOK keys.  Unlike keys