On Jan 15, 2024 Roberto Sassu roberto.sassu@huaweicloud.com wrote:
Since now IMA and EVM use their own integrity metadata, it is safe to remove the 'integrity' LSM, with its management of integrity metadata.
Keep the iint.c file only for loading IMA and EVM keys at boot, and for creating the integrity directory in securityfs (we need to keep it for retrocompatibility reasons).
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Reviewed-by: Casey Schaufler casey@schaufler-ca.com
include/linux/integrity.h | 14 --- security/integrity/iint.c | 197 +-------------------------------- security/integrity/integrity.h | 25 ----- security/security.c | 2 - 4 files changed, 2 insertions(+), 236 deletions(-)
Acked-by: Paul Moore paul@paul-moore.com
-- paul-moore.com