[PATCH] ima: Only use the platform keyring if it's enabled

From: Thiago Jung Bauermann
Date: Wed Dec 12 2018 - 13:02:09 EST


Signed-off-by: Thiago Jung Bauermann <bauerman@xxxxxxxxxxxxx>
---
security/integrity/ima/ima_appraise.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index e8f520450895..f6ac405daabb 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -297,7 +297,8 @@ int ima_appraise_measurement(enum ima_hooks func,
status = INTEGRITY_UNKNOWN;
break;
}
- if (rc && func == KEXEC_KERNEL_CHECK)
+ if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && rc &&
+ func == KEXEC_KERNEL_CHECK)
rc = integrity_digsig_verify(INTEGRITY_KEYRING_PLATFORM,
(const char *)xattr_value,
xattr_len,
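Review bot: The changelog is empty, so the new IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) term in the condition in ima_appraise_measurement() arrives without a stated reason. Please describe what goes wrong on the KEXEC_KERNEL_CHECK fallback when the platform keyring is not configured (the symptom, and the rc that integrity_digsig_verify() returns for INTEGRITY_KEYRING_PLATFORM in that case), so the fix can be evaluated. With the guard at this call site, a kernel built without the option skips the second verification and keeps whatever non-zero rc it already had; a one-line comment above the if saying that this is intended would help. It is also worth considering whether the check belongs inside integrity_digsig_verify() instead, so that any other caller passing INTEGRITY_KEYRING_PLATFORM gets the same behaviour without repeating the config test.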