diff options
author | Laura Abbott <labbott@redhat.com> | 2018-03-12 12:12:50 -0700 |
---|---|---|
committer | Laura Abbott <labbott@redhat.com> | 2018-03-12 12:12:50 -0700 |
commit | 4acc5bbea900934e5b4bc8835a62b5dcc5c57cab (patch) | |
tree | 5564c5f7373c109f37298ae914f59dbefa2d9c34 /kernel-armv7hl.config | |
parent | 06a455a312a2ee8eada2805fe20d362366630b1c (diff) | |
download | kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.gz kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.tar.xz kernel-4acc5bbea900934e5b4bc8835a62b5dcc5c57cab.zip |
Disable IMA appraise (rhbz 1554474)
A recent change to the EFI lockdown patch forces IMA policy to be loaded
when secureboot is used. Unfortunately, we don't have all the pieces in
place to have all components fully signed. Disable appraisal for now
until that gets fixed.
Diffstat (limited to 'kernel-armv7hl.config')
-rw-r--r-- | kernel-armv7hl.config | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 105731a57..ffa53449b 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2312,7 +2312,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y # CONFIG_IMA_LOAD_X509 is not set |