On Wed, 2018-12-12 at 16:14 -0200, Thiago Jung Bauermann wrote: [snip] > Subject: [PATCH] ima: Only use the platform keyring if it's enabled > > Signed-off-by: Thiago Jung Bauermann <[email protected]>
Good catch! Thanks. Mimi > --- > security/integrity/ima/ima_appraise.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/integrity/ima/ima_appraise.c > b/security/integrity/ima/ima_appraise.c > index e8f520450895..f6ac405daabb 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -297,7 +297,8 @@ int ima_appraise_measurement(enum ima_hooks func, > status = INTEGRITY_UNKNOWN; > break; > } > - if (rc && func == KEXEC_KERNEL_CHECK) > + if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc && > + func == KEXEC_KERNEL_CHECK) > rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM, > (const char *)xattr_value, > xattr_len, _______________________________________________ kexec mailing list [email protected] http://lists.infradead.org/mailman/listinfo/kexec
