ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig

[ Upstream commit be210c6d3597faf330cb9af33b9f1591d7b2a983 ]

The removal of IMA_TRUSTED_KEYRING made IMA_LOAD_X509
and IMA_BLACKLIST_KEYRING unavailable because the latter
two depend on the former. Since IMA_TRUSTED_KEYRING was
deprecated in favor of INTEGRITY_TRUSTED_KEYRING use it
as a dependency for the two Kconfigs affected by the
deprecation.

Fixes: 5087fd9e80e5 ("ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig")
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Reviewed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index c97ce6265fc6bd8e806c0eb265949dee023df411..a7e38d72fb4ba05601662ad8afd38fe44be51a5b 100644 (file)
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -263,7 +263,7 @@ config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
 config IMA_BLACKLIST_KEYRING
        bool "Create IMA machine owner blacklist keyrings (EXPERIMENTAL)"
        depends on SYSTEM_TRUSTED_KEYRING
-       depends on IMA_TRUSTED_KEYRING
+       depends on INTEGRITY_TRUSTED_KEYRING
        default n
        help
           This option creates an IMA blacklist keyring, which contains all
@@ -273,7 +273,7 @@ config IMA_BLACKLIST_KEYRING
 
 config IMA_LOAD_X509
        bool "Load X509 certificate onto the '.ima' trusted keyring"
-       depends on IMA_TRUSTED_KEYRING
+       depends on INTEGRITY_TRUSTED_KEYRING
        default n
        help
           File signature verification is based on the public keys