Disable IMA appraise (rhbz 1554474)
A recent change to the EFI lockdown patch forces IMA policy to be loaded when secureboot is used. Unfortunately, we don't have all the pieces in place to have all components fully signed. Disable appraisal for now until that gets fixed.
This commit is contained in:
Laura Abbott
parent
06a455a312
commit
4acc5bbea9
|
|
@ -1 +1 @@
|
|||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
|
|
|
|||
|
|
@ -2206,7 +2206,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2188,7 +2188,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2330,7 +2330,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2216,7 +2216,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2198,7 +2198,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2312,7 +2312,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -1961,7 +1961,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
|
|
|
|||
|
|
@ -1942,7 +1942,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
|
|
|
|||
|
|
@ -1906,7 +1906,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
|
|
|
|||
|
|
@ -1887,7 +1887,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
# CONFIG_IMA is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
|
|
|
|||
|
|
@ -1861,7 +1861,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -1842,7 +1842,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2119,7 +2119,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
|
|
@ -2100,7 +2100,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
|
|||
CONFIG_IIO_TRIGGER=y
|
||||
# CONFIG_IKCONFIG is not set
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
# CONFIG_IMA_APPRAISE is not set
|
||||
# CONFIG_IMA_BLACKLIST_KEYRING is not set
|
||||
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
||||
# CONFIG_IMA_LOAD_X509 is not set
|
||||
|
|
|
|||
Loading…
Reference in New Issue