summaryrefslogtreecommitdiffstats
path: root/kernel-armv7hl.config
diff options
context:
space:
mode:
authorLaura Abbott <labbott@redhat.com>2018-03-12 12:12:50 -0700
committerLaura Abbott <labbott@redhat.com>2018-03-12 12:12:50 -0700
commit4acc5bbea900934e5b4bc8835a62b5dcc5c57cab (patch)
tree5564c5f7373c109f37298ae914f59dbefa2d9c34 /kernel-armv7hl.config
parent06a455a312a2ee8eada2805fe20d362366630b1c (diff)
downloadkernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.gz
kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.xz
kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.zip
Disable IMA appraise (rhbz 1554474)
A recent change to the EFI lockdown patch forces IMA policy to be loaded when secureboot is used. Unfortunately, we don't have all the pieces in place to have all components fully signed. Disable appraisal for now until that gets fixed.
Diffstat (limited to 'kernel-armv7hl.config')
-rw-r--r--kernel-armv7hl.config2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 105731a57..ffa53449b 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2312,7 +2312,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set