authorLaura Abbott <labbott@redhat.com>2018-03-12 12:12:50 -0700
committerLaura Abbott <labbott@redhat.com>2018-03-12 12:12:50 -0700
commit4acc5bbea900934e5b4bc8835a62b5dcc5c57cab (patch)
tree5564c5f7373c109f37298ae914f59dbefa2d9c34
parent06a455a312a2ee8eada2805fe20d362366630b1c (diff)
Disable IMA appraise (rhbz 1554474)
A recent change to the EFI lockdown patch forces IMA policy to be loaded when secureboot is used. Unfortunately, we don't have all the pieces in place to have all components fully signed. Disable appraisal for now until that gets fixed.
-rw-r--r--configs/fedora/generic/CONFIG_IMA_APPRAISE2
-rw-r--r--kernel-aarch64-debug.config2
-rw-r--r--kernel-aarch64.config2
-rw-r--r--kernel-armv7hl-debug.config2
-rw-r--r--kernel-armv7hl-lpae-debug.config2
-rw-r--r--kernel-armv7hl-lpae.config2
-rw-r--r--kernel-armv7hl.config2
-rw-r--r--kernel-i686-PAE.config2
-rw-r--r--kernel-i686-PAEdebug.config2
-rw-r--r--kernel-i686-debug.config2
-rw-r--r--kernel-i686.config2
-rw-r--r--kernel-ppc64-debug.config2
-rw-r--r--kernel-ppc64.config2
-rw-r--r--kernel-ppc64le-debug.config2
-rw-r--r--kernel-ppc64le.config2
-rw-r--r--kernel-s390x-debug.config2
-rw-r--r--kernel-s390x.config2
-rw-r--r--kernel-x86_64-debug.config2
-rw-r--r--kernel-x86_64.config2
19 files changed, 19 insertions, 19 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE
index da04fd67d..acbe2fe3c 100644
--- a/configs/fedora/generic/CONFIG_IMA_APPRAISE
+++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE
@@ -1 +1 @@
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
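Review bot: The new `# CONFIG_IMA_APPRAISE is not set` line in this fragment leaves no in-tree record that the setting is a temporary workaround, so the bug number in the commit title is the only pointer to when appraisal should be turned back on. With appraisal compiled out, IMA cannot enforce signature or hash checks on files whatever policy is loaded (measurement is unaffected where CONFIG_IMA is set), which is worth stating next to the setting. If the fragment format tolerates comment lines, something like `# Temporarily off until all components are signed (rhbz 1554474); re-enable afterwards` would do; otherwise the same sentence belongs in the package changelog. The per-arch kernel-*.config hunks that follow appear to be regenerated from this fragment and still carry `CONFIG_IMA_APPRAISE_BOOTPARAM=y`, which as far as I know depends on IMA_APPRAISE and so has no effect now; it is worth confirming that the built .config drops it. The ppc64 and ppc64le contexts also show `# CONFIG_IMA is not set`, so the change should be a no-op on those targets.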
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index e2c0ad429..9edb05112 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -2206,7 +2206,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index f241c8b02..572d9975b 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2188,7 +2188,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 06be2a125..88f319adf 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -2330,7 +2330,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 62269a667..7e24f66e0 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -2216,7 +2216,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index e3af01fce..c585c17e6 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -2198,7 +2198,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 105731a57..ffa53449b 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2312,7 +2312,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index 7add60bd6..c513757d9 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index 41689a39e..5e00edecd 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index abfac8c54..35e3a899e 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -2072,7 +2072,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-i686.config b/kernel-i686.config
index e2b0ac96c..5a9f9a9dc 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2053,7 +2053,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index 3289affb3..70139d1ca 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -1961,7 +1961,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index f211e4b89..e81bdb3a0 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -1942,7 +1942,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 59b3e81bc..8370a180c 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -1906,7 +1906,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 93ed61ad6..517a9de86 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1887,7 +1887,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index c05b3c585..ac608ceb4 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1861,7 +1861,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 21eafc9b8..3d7914a5f 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1842,7 +1842,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 0b83aa306..685ec8eb7 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2119,7 +2119,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 2b62f36a1..38352e2fb 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2100,7 +2100,7 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
# CONFIG_IMA_LOAD_X509 is not set