diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-02-21 07:22:50 +0100 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-02-21 07:22:50 +0100 |
commit | c8724a4e0d618dcd1a2e656a6d21f4e8c41fb62d (patch) | |
tree | e0319958f4d9babdfbc287fed266bab49671c994 | |
parent | f449de8ca21b2f9ab9e29afa84eba215c91c85d9 (diff) | |
parent | cf8332750da9f4bcfdba867e4a5cc5b24cf7573d (diff) | |
download | kernel-c8724a4e0d618dcd1a2e656a6d21f4e8c41fb62d.tar.gz kernel-c8724a4e0d618dcd1a2e656a6d21f4e8c41fb62d.tar.xz kernel-c8724a4e0d618dcd1a2e656a6d21f4e8c41fb62d.zip |
Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedora
38 files changed, 296 insertions, 73 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 83a06345b..752982bdd 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -# CONFIG_IMA is not set +CONFIG_IMA=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE new file mode 100644 index 000000000..da04fd67d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM new file mode 100644 index 000000000..000a58fb6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING new file mode 100644 index 000000000..5329626fb --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY new file mode 100644 index 000000000..08056234d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY @@ -0,0 +1 @@ +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 new file mode 100644 index 000000000..00d39701b --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 @@ -0,0 +1 @@ +# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY new file mode 100644 index 000000000..8f280d803 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_READ_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING new file mode 100644 index 000000000..d27057dad --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING @@ -0,0 +1 @@ +CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY new file mode 100644 index 000000000..e54ce85d7 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index 5dd074057..a3524cb6b 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS new file mode 100644 index 000000000..a1485b903 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS @@ -0,0 +1 @@ +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT new file mode 100644 index 000000000..09d5db2b6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT @@ -0,0 +1 @@ +CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE new file mode 100644 index 000000000..2d104809d --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE @@ -0,0 +1 @@ +CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index b119645b2..eb9a4ccac 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=m +CONFIG_TCG_TIS=y diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 8c2c3b86d..07d9499c1 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=m +CONFIG_TCG_TPM=y @@ -1 +1 @@ -1388c80438e69fc01d83fbe98da3cac24c3c8731 +79c0ef3e85c015b0921a8fd5dd539d1480e9cd6c diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index a6ffc594a..023854fb8 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2203,9 +2203,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2325,7 +2333,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5679,12 +5690,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f7dd6976b..c48f5703a 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2185,9 +2185,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2307,7 +2315,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5655,12 +5666,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 31b5f3a2a..59f12cd97 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2328,9 +2328,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2469,7 +2477,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6148,12 +6159,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 815a6e652..47770a418 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2214,9 +2214,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2338,7 +2346,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5748,12 +5759,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index c098694be..5640a3557 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2196,9 +2196,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2320,7 +2328,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5724,12 +5735,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 74755df13..640802611 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2310,9 +2310,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2451,7 +2459,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6124,12 +6135,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index f229490b9..4e3b941a3 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 178a17e84..8472d4886 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 8d95bff0e..4d9582fb6 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686.config b/kernel-i686.config index bd88ced88..ef61f09ce 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 82d89af16..eb1ec4f35 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1960,9 +1960,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2076,7 +2084,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5121,11 +5132,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index 65be666c5..9ad2854ea 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1941,9 +1941,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2057,7 +2065,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5096,11 +5107,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 6beb468b0..6d64d5688 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1905,9 +1905,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2021,7 +2029,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5049,11 +5060,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 2ce40e324..46135f8d5 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1886,9 +1886,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2002,7 +2010,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5024,11 +5035,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 498a8baf6..37d0c7546 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1860,9 +1860,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1976,7 +1984,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4943,12 +4954,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-s390x.config b/kernel-s390x.config index 372982208..0044620f8 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1841,9 +1841,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1957,7 +1965,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4918,12 +4929,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 738e9f1aa..ec08afc9d 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2118,9 +2118,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2242,7 +2250,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5440,12 +5451,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 0b69252a2..953d0d99f 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2099,9 +2099,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2223,7 +2231,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5417,12 +5428,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel.spec b/kernel.spec index 0333fc4c9..ace0eaf09 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 2 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -132,7 +132,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 %if %{with_verbose} %define make_opts V=1 @@ -1542,7 +1542,7 @@ BuildKernel() { find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -exec rm -f {} \; # build a BLS config for this kernel - ./generate_bls_conf.sh "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" + %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" } ### @@ -1854,7 +1854,7 @@ fi /lib/modules/%{KVERREL}%{?3:+%{3}}/build\ /lib/modules/%{KVERREL}%{?3:+%{3}}/source\ /lib/modules/%{KVERREL}%{?3:+%{3}}/updates\ -/lib/modules/%{KVERREL}%{?2:+%{2}}/bls.conf\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/bls.conf\ %if %{1}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ /etc/ld.so.conf.d/kernel-%{KVERREL}%{?3:+%{3}}.conf\ @@ -1892,6 +1892,14 @@ fi # # %changelog +* Tue Feb 20 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.0-0.rc2.git1.1 +- Linux v4.16-rc2-62-g79c0ef3e85c0 +- Reenable debugging options +- Fix build problems with BLS + +* Mon Feb 19 2018 Laura Abbott <labbott@redhat.com> +- Enable IMA (rhbz 790008) + * Mon Feb 19 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.0-0.rc2.git0.1 - Linux v4.16-rc2 diff --git a/rebase-notes.txt b/rebase-notes.txt index 85e185c03..937c43e22 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,3 +1,6 @@ +Linux 4.16 rebase notes: +- Consider turning off all the IMA features? + Linux 4.15 rebase notes: - Disable power-management features enabled for F28+ -Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 diff --git a/scripts/rawhide-rc.sh b/scripts/rawhide-rc.sh index 40f32a8fe..ba8b467b2 100755 --- a/scripts/rawhide-rc.sh +++ b/scripts/rawhide-rc.sh @@ -45,3 +45,5 @@ perl -p -i -e 's|%define gitrev.*|%define gitrev 0|' kernel.spec perl -p -i -e 's|%global baserelease.*|%global baserelease 0|' kernel.spec rpmdev-bumpspec -c "Linux v4.$BASE-rc$RC" kernel.spec + +echo "Don't forget to bump kernel-tools" @@ -1,2 +1,3 @@ SHA512 (linux-4.15.tar.xz) = c00d92659df815a53dcac7dde145b742b1f20867d380c07cb09ddb3295d6ff10f8931b21ef0b09d7156923a3957b39d74d87c883300173b2e20690d2b4ec35ea SHA512 (patch-4.16-rc2.xz) = 3b72039fee7a481ed6a491a5795b9f1184c8fb4597a96332b513856f82a4410bbffa5bf61b59ec7b6ed4f789b22027d3f20d91b024b9fd3afbbd9ff56499cb8e +SHA512 (patch-4.16-rc2-git1.xz) = b23653b0deaa753447e98b871e036e2d8af3bd31e42ccfc6c511a3f9b9664d698cb7832497bbaab33521cb3bd48f9bba4a2ff5f458ced50794c876687b8e3b4e |