Re: [PATCH v3 3/3] s390: Drop unnecessary CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT

Next message: Sibi Sankar: "Re: [PATCH V3 3/5] dt-bindings: misc: qcom,fastrpc: Add compatible for Glymur"
Previous message: Cheng Xu: "Re: [PATCH rdma-next 18/50] RDMA/erdma: Separate user and kernel CQ creation paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Egorenkov

Date: Tue Feb 24 2026 - 00:53:04 EST

Mimi Zohar <zohar@xxxxxxxxxxxxx> writes:

> On Fri, 2026-02-13 at 09:28 +0800, Coiby Xu wrote:
>> Commit b5ca117365d9 ("ima: prevent kexec_load syscall based on runtime
>> secureboot flag") and commit 268a78404973 ("s390/kexec_file: Disable
>> kexec_load when IPLed secure") disabled the kexec_load syscall based
>> on the secureboot mode. Commit 9e2b4be377f0 ("ima: add a new CONFIG
>> for loading arch-specific policies") needed to detect the secure boot
>> mode, not to load an IMA architecture specific policy. Since there is
>> the new CONFIG_INTEGRITY_SECURE_BOOT, drop
>> CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT for s390.
>>
>> Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx>
>
> Alexander, you added your Tested-by for the original version of this patch set.
> Can I apply it for v3?
>
> thanks,
>
> Mimi

I have verified v3 on one of our secure boot machines, it looks good too.

Tested-by: Alexander Egorenkov <egorenar@xxxxxxxxxxxxx>