tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

s390: Drop unnecessary CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT

Commit b5ca117365d9 ("ima: prevent kexec_load syscall based on runtime
secureboot flag") and commit 268a78404973 ("s390/kexec_file: Disable
kexec_load when IPLed secure") disabled the kexec_load syscall based
on the secureboot mode. Commit 9e2b4be377f0 ("ima: add a new CONFIG
for loading arch-specific policies") needed to detect the secure boot
mode, not to load an IMA architecture specific policy. Since there is
the new CONFIG_INTEGRITY_SECURE_BOOT, drop
CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT for s390.

Signed-off-by: Coiby Xu <coxu@redhat.com>
Tested-by: Alexander Egorenkov <egorenar@linux.ibm.com>
[Vasily Gorbik: Fix missing arch_get_secureboot() prototype warning]
link: https://lore.kernel.org/linux-integrity/c00-01.ttbfdx5@ub.hpns/
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

authored by

Coiby Xu and committed by
Mimi Zohar a2e507af cf75c863

+1 -10
-1
arch/s390/Kconfig
··· 80 80 # 81 81 # Note: keep this list sorted alphabetically 82 82 # 83 - imply IMA_SECURE_AND_OR_TRUSTED_BOOT 84 83 select ALTERNATE_USER_ADDRESS_SPACE 85 84 select ARCH_32BIT_USTAT_F_TINODE 86 85 select ARCH_CORRECT_STACKTRACE_ON_KRETPROBE
-1
arch/s390/kernel/Makefile
··· 71 71 obj-$(CONFIG_KEXEC_FILE) += machine_kexec_file.o kexec_image.o 72 72 obj-$(CONFIG_KEXEC_FILE) += kexec_elf.o 73 73 obj-$(CONFIG_CERT_STORE) += cert_store.o 74 - obj-$(CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT) += ima_arch.o 75 74 76 75 obj-$(CONFIG_PERF_EVENTS) += perf_event.o 77 76 obj-$(CONFIG_PERF_EVENTS) += perf_cpum_cf.o perf_cpum_sf.o
-8
arch/s390/kernel/ima_arch.c
··· 1 - // SPDX-License-Identifier: GPL-2.0 2 - 3 - #include <linux/ima.h> 4 - 5 - const char * const *arch_get_ima_policy(void) 6 - { 7 - return NULL; 8 - }
+1
arch/s390/kernel/ipl.c
··· 21 21 #include <linux/crash_dump.h> 22 22 #include <linux/debug_locks.h> 23 23 #include <linux/vmalloc.h> 24 + #include <linux/secure_boot.h> 24 25 #include <asm/asm-extable.h> 25 26 #include <asm/machine.h> 26 27 #include <asm/diag.h>