From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Mimi Zohar <zohar@linux.ibm.com>, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] ima_setup.sh: Fix check of signed policy requirement
Date: Tue, 27 Jan 2026 14:17:55 +0100 [thread overview]
Message-ID: <20260127131755.GA146899@pevik> (raw)
In-Reply-To: <20260121083343.127613-1-pvorel@suse.cz>
Hi Mimi, all,
> Kernel code in arch_get_ima_policy() depends also on
> CONFIG_IMA_ARCH_POLICY added in v5.0:
> d958083a8f640 ("x86/ima: define arch_get_ima_policy() for x86")
> Fixes: c38b528783 ("ima_{conditionals, policy}: Handle policy required to be signed")
> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Hi Mimi, all,
> FYI I'd like to merge it this week to get it into LTP release.
> Kind regards,
> Petr
I dared to merge this to get it into upcoming LTP release (this/next week).
Kind regards,
Petr
> testcases/kernel/security/integrity/ima/tests/ima_setup.sh | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> index 1bce78d425..df0b8d1532 100644
> --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
> @@ -466,10 +466,11 @@ require_evmctl()
> }
> # 56dc986a6b20b ("ima: require signed IMA policy when UEFI secure boot is enabled") # v6.5-rc4
> +# d958083a8f640 ("x86/ima: define arch_get_ima_policy() for x86") # v5.0
> check_need_signed_policy()
> {
> tst_secureboot_enabled && tst_kvcmp -ge '6.5' && tst_require_kconfigs \
> - 'CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY'
> + 'CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY,CONFIG_IMA_ARCH_POLICY'
> }
> # loop device is needed to use only for tmpfs
next prev parent reply other threads:[~2026-01-27 13:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-21 8:33 [PATCH] ima_setup.sh: Fix check of signed policy requirement Petr Vorel
2026-01-27 13:17 ` Petr Vorel [this message]
2026-01-27 18:24 ` Mimi Zohar
2026-01-28 12:51 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260127131755.GA146899@pevik \
--to=pvorel@suse.cz \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox