summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaura Abbott <labbott@redhat.com>2018-02-19 10:40:39 -0800
committerLaura Abbott <labbott@redhat.com>2018-02-19 10:54:11 -0800
commitbb540d20c6388d18e5977f14f35f96318be223e1 (patch)
treef5166330c1a93deb7e1847c180522fe05d75c740
parent08732ed8268cbd9fd23dfae32ffa18ea320b910e (diff)
downloadkernel-bb540d20c6388d18e5977f14f35f96318be223e1.tar.gz
kernel-bb540d20c6388d18e5977f14f35f96318be223e1.tar.xz
kernel-bb540d20c6388d18e5977f14f35f96318be223e1.zip
Enable IMA (rhbz 790008)
-rw-r--r--configs/fedora/generic/CONFIG_IMA2
-rw-r--r--configs/fedora/generic/CONFIG_IMA_APPRAISE1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_LOAD_X5091
-rw-r--r--configs/fedora/generic/CONFIG_IMA_READ_POLICY1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING1
-rw-r--r--configs/fedora/generic/CONFIG_IMA_WRITE_POLICY1
-rw-r--r--configs/fedora/generic/CONFIG_INTEGRITY2
-rw-r--r--configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS1
-rw-r--r--configs/fedora/generic/CONFIG_INTEGRITY_AUDIT1
-rw-r--r--configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE1
-rw-r--r--configs/fedora/generic/CONFIG_TCG_TIS2
-rw-r--r--configs/fedora/generic/CONFIG_TCG_TPM2
-rw-r--r--kernel-aarch64-debug.config19
-rw-r--r--kernel-aarch64.config19
-rw-r--r--kernel-armv7hl-debug.config19
-rw-r--r--kernel-armv7hl-lpae-debug.config19
-rw-r--r--kernel-armv7hl-lpae.config19
-rw-r--r--kernel-armv7hl.config19
-rw-r--r--kernel-i686-PAE.config19
-rw-r--r--kernel-i686-PAEdebug.config19
-rw-r--r--kernel-i686-debug.config19
-rw-r--r--kernel-i686.config19
-rw-r--r--kernel-ppc64-debug.config15
-rw-r--r--kernel-ppc64.config15
-rw-r--r--kernel-ppc64le-debug.config15
-rw-r--r--kernel-ppc64le.config15
-rw-r--r--kernel-s390x-debug.config19
-rw-r--r--kernel-s390x.config19
-rw-r--r--kernel-x86_64-debug.config19
-rw-r--r--kernel-x86_64.config19
-rw-r--r--kernel.spec3
-rw-r--r--rebase-notes.txt3
35 files changed, 283 insertions, 68 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA
index 83a06345b..752982bdd 100644
--- a/configs/fedora/generic/CONFIG_IMA
+++ b/configs/fedora/generic/CONFIG_IMA
@@ -1 +1 @@
-# CONFIG_IMA is not set
+CONFIG_IMA=y
diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE
new file mode 100644
index 000000000..da04fd67d
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE
@@ -0,0 +1 @@
+CONFIG_IMA_APPRAISE=y
diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM
new file mode 100644
index 000000000..000a58fb6
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM
@@ -0,0 +1 @@
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING
new file mode 100644
index 000000000..5329626fb
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING
@@ -0,0 +1 @@
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
new file mode 100644
index 000000000..08056234d
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
@@ -0,0 +1 @@
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509
new file mode 100644
index 000000000..00d39701b
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509
@@ -0,0 +1 @@
+# CONFIG_IMA_LOAD_X509 is not set
diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY
new file mode 100644
index 000000000..8f280d803
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_READ_POLICY
@@ -0,0 +1 @@
+CONFIG_IMA_READ_POLICY=y
diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING
new file mode 100644
index 000000000..d27057dad
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING
@@ -0,0 +1 @@
+CONFIG_IMA_TRUSTED_KEYRING=y
diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY
new file mode 100644
index 000000000..e54ce85d7
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY
@@ -0,0 +1 @@
+CONFIG_IMA_WRITE_POLICY=y
diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY
index 5dd074057..a3524cb6b 100644
--- a/configs/fedora/generic/CONFIG_INTEGRITY
+++ b/configs/fedora/generic/CONFIG_INTEGRITY
@@ -1 +1 @@
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS
new file mode 100644
index 000000000..a1485b903
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS
@@ -0,0 +1 @@
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT
new file mode 100644
index 000000000..09d5db2b6
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT
@@ -0,0 +1 @@
+CONFIG_INTEGRITY_AUDIT=y
diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE
new file mode 100644
index 000000000..2d104809d
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE
@@ -0,0 +1 @@
+CONFIG_INTEGRITY_SIGNATURE=y
diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS
index b119645b2..eb9a4ccac 100644
--- a/configs/fedora/generic/CONFIG_TCG_TIS
+++ b/configs/fedora/generic/CONFIG_TCG_TIS
@@ -1 +1 @@
-CONFIG_TCG_TIS=m
+CONFIG_TCG_TIS=y
diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM
index 8c2c3b86d..07d9499c1 100644
--- a/configs/fedora/generic/CONFIG_TCG_TPM
+++ b/configs/fedora/generic/CONFIG_TCG_TPM
@@ -1 +1 @@
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TPM=y
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index a6ffc594a..023854fb8 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -2203,9 +2203,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_INA2XX_ADC is not set
@@ -2325,7 +2333,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5679,12 +5690,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index f7dd6976b..c48f5703a 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2185,9 +2185,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_INA2XX_ADC is not set
@@ -2307,7 +2315,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5655,12 +5666,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 31b5f3a2a..59f12cd97 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -2328,9 +2328,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m
@@ -2469,7 +2477,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -6148,12 +6159,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 815a6e652..47770a418 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -2214,9 +2214,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_INA2XX_ADC is not set
@@ -2338,7 +2346,10 @@ CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5748,12 +5759,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index c098694be..5640a3557 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -2196,9 +2196,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_IMX_IPUV3_CORE is not set
# CONFIG_INA2XX_ADC is not set
@@ -2320,7 +2328,10 @@ CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5724,12 +5735,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 74755df13..640802611 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2310,9 +2310,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m
@@ -2451,7 +2459,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -6124,12 +6135,12 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index f229490b9..4e3b941a3 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2172,7 +2180,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index 178a17e84..8472d4886 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2191,7 +2199,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index 8d95bff0e..4d9582fb6 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2191,7 +2199,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-i686.config b/kernel-i686.config
index bd88ced88..ef61f09ce 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2172,7 +2180,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index 82d89af16..eb1ec4f35 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -1960,9 +1960,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2076,7 +2084,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5121,11 +5132,11 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
+CONFIG_TCG_TIS=y
# CONFIG_TCG_TPM is not set
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index 65be666c5..9ad2854ea 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -1941,9 +1941,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2057,7 +2065,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5096,11 +5107,11 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
+CONFIG_TCG_TIS=y
# CONFIG_TCG_TPM is not set
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 6beb468b0..6d64d5688 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -1905,9 +1905,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2021,7 +2029,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5049,11 +5060,11 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
+CONFIG_TCG_TIS=y
# CONFIG_TCG_TPM is not set
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 2ce40e324..46135f8d5 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1886,9 +1886,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2002,7 +2010,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -5024,11 +5035,11 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
+CONFIG_TCG_TIS=y
# CONFIG_TCG_TPM is not set
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index 498a8baf6..37d0c7546 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1860,9 +1860,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -1976,7 +1984,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -4943,12 +4954,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 372982208..0044620f8 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1841,9 +1841,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -1957,7 +1965,10 @@ CONFIG_INPUT_WISTRON_BTNS=m
CONFIG_INPUT_WM831X_ON=m
CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_IDMA64 is not set
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
# CONFIG_INTEL_SOC_PMIC is not set
@@ -4918,12 +4929,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 738e9f1aa..ec08afc9d 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2118,9 +2118,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2242,7 +2250,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5440,12 +5451,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 0b69252a2..953d0d99f 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2099,9 +2099,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_INA2XX_ADC is not set
CONFIG_INET6_AH=m
@@ -2223,7 +2231,10 @@ CONFIG_INPUT=y
CONFIG_INPUT_YEALINK=m
CONFIG_INT3406_THERMAL=m
CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
# CONFIG_INTEL_ATOMISP is not set
CONFIG_INTEL_BXT_PMIC_THERMAL=m
CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5417,12 +5428,12 @@ CONFIG_TCG_NSC=m
# CONFIG_TCG_TIS_I2C_ATMEL is not set
# CONFIG_TCG_TIS_I2C_INFINEON is not set
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
# CONFIG_TCG_TIS_SPI is not set
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
# CONFIG_TCG_TIS_ST33ZP24 is not set
# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TCG_XEN is not set
CONFIG_TCM_FC=m
diff --git a/kernel.spec b/kernel.spec
index 38f5756dd..1f499bf82 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1872,6 +1872,9 @@ fi
#
#
%changelog
+* Mon Feb 19 2018 Laura Abbott <labbott@redhat.com>
+- Enable IMA (rhbz 790008)
+
* Mon Feb 19 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.0-0.rc2.git0.1
- Linux v4.16-rc2
diff --git a/rebase-notes.txt b/rebase-notes.txt
index 85e185c03..937c43e22 100644
--- a/rebase-notes.txt
+++ b/rebase-notes.txt
@@ -1,3 +1,6 @@
+Linux 4.16 rebase notes:
+- Consider turning off all the IMA features?
+
Linux 4.15 rebase notes:
- Disable power-management features enabled for F28+
-Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0