diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2019-07-31 18:14:22 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2019-07-31 18:14:22 +0200 |
commit | cc21a9baeb40f98f802c0aa807a2f7c70a060472 (patch) | |
tree | 586cd631bd6c10332bf1e222be8a7aeef7bba0e0 | |
parent | b54ad37d2b8fca45d41a0fccd42abeddadba7e00 (diff) | |
parent | adfbac47b62c420b2438325283f3ca58d10094ec (diff) | |
download | kernel-cc21a9baeb40f98f802c0aa807a2f7c70a060472.tar.gz kernel-cc21a9baeb40f98f802c0aa807a2f7c70a060472.tar.xz kernel-cc21a9baeb40f98f802c0aa807a2f7c70a060472.zip |
Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedorakernel-5.3.0-0.rc2.git2.2.vanilla.knurd.1.fc31kernel-5.3.0-0.rc2.git2.2.vanilla.knurd.1.fc30kernel-5.3.0-0.rc2.git2.2.vanilla.knurd.1.fc29
26 files changed, 140 insertions, 34 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE index acbe2fe3c..da04fd67d 100644 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -1 +1 @@ -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM new file mode 100644 index 000000000..000a58fb6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BUILD_POLICY b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BUILD_POLICY new file mode 100644 index 000000000..d2ff45ca3 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BUILD_POLICY @@ -0,0 +1 @@ +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set diff --git a/configs/fedora/generic/x86/CONFIG_IMA_ARCH_POLICY b/configs/fedora/generic/CONFIG_IMA_ARCH_POLICY index 7187ae0dc..7187ae0dc 100644 --- a/configs/fedora/generic/x86/CONFIG_IMA_ARCH_POLICY +++ b/configs/fedora/generic/CONFIG_IMA_ARCH_POLICY diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING new file mode 100644 index 000000000..5329626fb --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 new file mode 100644 index 000000000..00d39701b --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 @@ -0,0 +1 @@ +# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING new file mode 100644 index 000000000..36ee7371a --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_TRUSTED_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_INTEGRITY_TRUSTED_KEYRING new file mode 100644 index 000000000..cfb23d479 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_TRUSTED_KEYRING @@ -0,0 +1 @@ +CONFIG_INTEGRITY_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS_SPI b/configs/fedora/generic/CONFIG_TCG_TIS_SPI index 3b6623798..bfd1ff673 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS_SPI +++ b/configs/fedora/generic/CONFIG_TCG_TIS_SPI @@ -1 +1 @@ -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m @@ -1 +1 @@ -2a11c76e5301dddefcb618dac04f74e6314df6bc +4010b622f1d2a6112244101f38225eaee20c07f2 diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index 488cc5d09..b948b2cc5 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2412,17 +2412,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2557,6 +2563,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6210,7 +6217,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 8a52c7533..583898069 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2396,17 +2396,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2541,6 +2547,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6188,7 +6195,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 8e3eee74f..30139328b 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2442,17 +2442,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2595,6 +2601,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6462,7 +6469,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index a97205cfa..0493b53be 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2359,17 +2359,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2500,6 +2506,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6139,7 +6146,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 4901957e6..3c18d7dff 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2344,17 +2344,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2485,6 +2491,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6118,7 +6125,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index c9b0a7acd..62e006001 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2427,17 +2427,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2580,6 +2586,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -6441,7 +6448,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index cac5c943c..40bc50d84 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2158,18 +2158,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2287,6 +2292,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y CONFIG_INTEL_ATOMISP2_PM=m CONFIG_INTEL_BXT_PMIC_THERMAL=m @@ -5649,7 +5655,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-i686.config b/kernel-i686.config index 1f70c1655..dba4785f4 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2141,18 +2141,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2270,6 +2275,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y CONFIG_INTEL_ATOMISP2_PM=m CONFIG_INTEL_BXT_PMIC_THERMAL=m @@ -5628,7 +5634,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 42f230f64..f0c986d85 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1965,17 +1965,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2089,6 +2095,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -5271,7 +5278,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 4d6ef9154..f2f7209f2 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1948,17 +1948,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2072,6 +2078,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -5248,7 +5255,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 684936b2e..38030f7d9 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1943,17 +1943,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2067,6 +2073,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -5206,7 +5213,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-s390x.config b/kernel-s390x.config index bd9891b81..e8625dd5d 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1926,17 +1926,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2050,6 +2056,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m @@ -5183,7 +5190,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index d7bca3950..084e94924 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2201,18 +2201,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2333,6 +2338,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y CONFIG_INTEL_ATOMISP2_PM=m CONFIG_INTEL_BXT_PMIC_THERMAL=m @@ -5707,7 +5713,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 87172823e..60a54e35a 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2184,18 +2184,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m -# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEXEC=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set +# CONFIG_IMA_TRUSTED_KEYRING is not set CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set @@ -2316,6 +2321,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y CONFIG_INTEGRITY_AUDIT=y CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y CONFIG_INTEGRITY=y CONFIG_INTEL_ATOMISP2_PM=m CONFIG_INTEL_BXT_PMIC_THERMAL=m @@ -5686,7 +5692,7 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_TIS_SPI is not set +CONFIG_TCG_TIS_SPI=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TCG_TIS=y diff --git a/kernel.spec b/kernel.spec index c08b1bfdb..67a14bb11 100644 --- a/kernel.spec +++ b/kernel.spec @@ -46,7 +46,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -79,7 +79,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 2 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 5.%{upstream_sublevel}.0 %endif @@ -1840,6 +1840,12 @@ fi # # %changelog +* Wed Jul 31 2019 Peter Robinson <pbrobinson@fedoraproject.org> 5.3.0-0.rc2.git2.2 +- Enable IMA Appraisal + +* Wed Jul 31 2019 Laura Abbott <labbott@redhat.com> - 5.3.0-0.rc2.git2.1 +- Linux v5.3-rc2-51-g4010b622f1d2 + * Tue Jul 30 2019 Laura Abbott <labbott@redhat.com> - 5.3.0-0.rc2.git1.1 - Linux v5.3-rc2-11-g2a11c76e5301 @@ -1,3 +1,3 @@ SHA512 (linux-5.2.tar.xz) = 5a28f8a34c4e0470617f5638b7112e6252109b78f23b1eed484a228530970c7ef5c130d6e5a09cf25ea2f6a0329602dcc1ec66ce893182e15b27d99bd228789c SHA512 (patch-5.3-rc2.xz) = 24691c1f8ccbea442d8d4e828be73c726328e50c24b4a8a07879397b939339cad00f85560781ad1d36158e022db1e5900308c091e9f453ebbe28fa23cf8b2cbe -SHA512 (patch-5.3-rc2-git1.xz) = e4acee16d048a16f1d5fe6d20785b4062025684f3bf192e69e469a16ad90ebe9c3cd8947a3fead200f48fa1d783f1627baed1ec8a5d37cc65ce3c26afce3603a +SHA512 (patch-5.3-rc2-git2.xz) = a5e0222a440ce3f71fb083690958908e3a72383f053c0e1f6b8412859a648a9041236dbec4ae95aae2638665552cb2253337f86372af015ad1a5da9614efcd68 |