From 4acc5bbea900934e5b4bc8835a62b5dcc5c57cab Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Mon, 12 Mar 2018 12:12:50 -0700
Subject: Disable IMA appraise (rhbz 1554474)

A recent change to the EFI lockdown patch forces IMA policy to be loaded
when secureboot is used. Unfortunately, we don't have all the pieces in
place to have all components fully signed. Disable appraisal for now
until that gets fixed.
---
 kernel-ppc64le.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'kernel-ppc64le.config')

diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 93ed61ad6..517a9de86 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1887,7 +1887,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_BLACKLIST_KEYRING is not set
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
-- 
cgit