Revert "Enable IMA (rhbz 790008)"

This reverts commit bb540d20c6388d18e5977f14f35f96318be223e1.

A recent change to the EFI lockdown patch forces IMA policy to be loaded
when secureboot is used. Unfortunately, we don't have all the pieces in
place to have all components fully signed. A F29 change request is
planned to address this, so disable IMA for F28.

1 files changed, 4 insertions, 15 deletions

diff --git a/kernel-i686.config b/kernel-i686.config
index e2b0ac96c..b27e37c6c 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2052,17 +2052,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
 CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_BLACKLIST_KEYRING is not set
-CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
-# CONFIG_IMA_LOAD_X509 is not set
+# CONFIG_IMA is not set
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA=y
 # CONFIG_IMG_ASCII_LCD is not set
 # CONFIG_INA2XX_ADC is not set
 CONFIG_INET6_AH=m
@@ -2180,10 +2172,7 @@ CONFIG_INPUT=y
 CONFIG_INPUT_YEALINK=m
 CONFIG_INT3406_THERMAL=m
 CONFIG_INT340X_THERMAL=m
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-CONFIG_INTEGRITY_AUDIT=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY=y
+# CONFIG_INTEGRITY is not set
 # CONFIG_INTEL_ATOMISP is not set
 CONFIG_INTEL_BXT_PMIC_THERMAL=m
 CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5338,12 +5327,12 @@ CONFIG_TCG_NSC=m
 # CONFIG_TCG_TIS_I2C_ATMEL is not set
 # CONFIG_TCG_TIS_I2C_INFINEON is not set
 # CONFIG_TCG_TIS_I2C_NUVOTON is not set
+CONFIG_TCG_TIS=m
 # CONFIG_TCG_TIS_SPI is not set
 # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TCG_TIS_ST33ZP24 is not set
 # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TIS=y
-CONFIG_TCG_TPM=y
+CONFIG_TCG_TPM=m
 # CONFIG_TCG_VTPM_PROXY is not set
 # CONFIG_TCG_XEN is not set
 CONFIG_TCM_FC=m