diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig
index 4a9289d1a709f2e5f8ad1a64f6a5f22ae1cabbb5..30af2ee699d2ca9eada5ea4e2263eb028e50ddd0 100644
--- a/arch/arm64/configs/openeuler_defconfig
+++ b/arch/arm64/configs/openeuler_defconfig
@@ -7278,7 +7278,7 @@ CONFIG_IMA_APPRAISE=y
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
-# CONFIG_IMA_APPRAISE_MODSIG is not set
+CONFIG_IMA_APPRAISE_MODSIG=y
 # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 # CONFIG_IMA_BLACKLIST_KEYRING is not set
 CONFIG_IMA_LOAD_X509=y
diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig
index 9af0c89810ebea9a3120153fca3cadb61d895048..1fa43a95b5f1e7bcb7cdb0eefcaca0e5db2622eb 100644
--- a/arch/x86/configs/openeuler_defconfig
+++ b/arch/x86/configs/openeuler_defconfig
@@ -8454,7 +8454,7 @@ CONFIG_IMA_APPRAISE=y
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
-# CONFIG_IMA_APPRAISE_MODSIG is not set
+CONFIG_IMA_APPRAISE_MODSIG=y
 # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 # CONFIG_IMA_BLACKLIST_KEYRING is not set
 CONFIG_IMA_LOAD_X509=y
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 3e7bee30080f27d6b42613c58c42a88ed7e12928..e1c406d1f1e75b35b1b9079aab2e72c81a73dd48 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -118,8 +118,22 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
 
 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig)
 {
- return verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg, keyring,
- VERIFYING_MODULE_SIGNATURE, NULL, NULL);
+ int ret;
+
+ ret = verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg, keyring,
+ VERIFYING_MODULE_SIGNATURE, NULL, NULL);
+#ifdef CONFIG_IMA_DIGEST_LIST
+ if (ret < 0) {
+#ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
+ keyring = VERIFY_USE_SECONDARY_KEYRING;
+#else
+ keyring = NULL;
+#endif
+ return verify_pkcs7_message_sig(NULL, 0, modsig->pkcs7_msg,
+ keyring, VERIFYING_MODULE_SIGNATURE, NULL, NULL);
+ }
+#endif
+ return ret;
 }
 
 int ima_get_modsig_digest(const struct modsig *modsig, enum hash_algo *algo,
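Review bot: The fallback branch `if (ret < 0) {` in ima_modsig_verify retries on every failure, so a signature the first keyring rejected as malformed or cryptographically bad (`-EBADMSG`, `-EKEYREJECTED`) is re-verified against a second keyring and the caller only ever sees the second attempt's error, losing the original cause; the retry is only meaningful when the first keyring simply lacked the signer, so narrowing it to `if (ret == -ENOKEY) {` (the code verify_pkcs7_message_sig appears to return when no trust anchor is found, worth confirming) preserves the diagnostics and avoids a second PKCS#7 verification on the plain-failure path. The larger point is trust scope: under CONFIG_IMA_DIGEST_LIST the keyring the caller selected is silently replaced by the secondary trusted keyring or, when CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is off (as it is in both defconfigs touched by this commit), by the builtin keyring via `keyring = NULL`, so an appended signature the IMA keyring does not trust can still pass appraisal, and nothing in the hunk records which keyring accepted it. That widening should at least be stated at the `#ifdef CONFIG_IMA_DIGEST_LIST`, e.g. `/* Digest-list mode: also accept modsigs chained to the kernel's builtin/secondary trusted keys, not only the keyring the caller passed. */`, and ideally surfaced in the audit record so appraisal logs distinguish the two cases. ima_get_modsig_digest's body continues outside the hunk.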