[redhat] New configs in security/integrity (!2410) · Merge requests · cki-project / kernel-ark

CKI ARK Bot requested to merge configs/2023-04-25/security/integrity into os-build Apr 25, 2023

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

Symbol: INTEGRITY_CA_MACHINE_KEYRING [=n] Type : bool Defined at security/integrity/Kconfig:77 Prompt: Enforce Machine Keyring CA Restrictions Depends on: INTEGRITY [=y] && INTEGRITY_MACHINE_KEYRING [=y] Location: -> Security options -> Integrity subsystem (INTEGRITY [=y]) -> Digital signature verification using multiple keyrings (INTEGRITY_SIGNATURE [=y]) -> Enable asymmetric keys support (INTEGRITY_ASYMMETRIC_KEYS [=y]) -> Provide a keyring to which Machine Owner Keys may be added (INTEGRITY_MACHINE_KEYRING [=y]) -> Enforce Machine Keyring CA Restrictions (INTEGRITY_CA_MACHINE_KEYRING [=n])

Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org

[redhat] New configs in security/integrity

Merge request reports