diff options
| author | Peter Robinson <pbrobinson@gmail.com> | 2019-07-17 11:09:36 +0100 |
|---|---|---|
| committer | Peter Robinson <pbrobinson@gmail.com> | 2019-07-17 11:13:35 +0100 |
| commit | 9311d0121abc45953d53de794e926eeabb13af2d (patch) | |
| tree | d0d5ee5d948818cc9cdde0a6a73e87c5efc2fc80 | |
| parent | 5c2ab4e801af208f640dc06a07e6a55cca2c1d74 (diff) | |
| download | kernel-9311d0121abc45953d53de794e926eeabb13af2d.tar.gz kernel-9311d0121abc45953d53de794e926eeabb13af2d.tar.xz kernel-9311d0121abc45953d53de794e926eeabb13af2d.zip | |
IMA: change default hash from sha1 to sha256, the later is more secuure and hence should be the default
| -rw-r--r-- | configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 | 2 | ||||
| -rw-r--r-- | configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 | 2 | ||||
| -rw-r--r-- | kernel-aarch64-debug.config | 4 | ||||
| -rw-r--r-- | kernel-aarch64.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-debug.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae-debug.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl.config | 4 | ||||
| -rw-r--r-- | kernel-i686-debug.config | 4 | ||||
| -rw-r--r-- | kernel-i686.config | 4 | ||||
| -rw-r--r-- | kernel-ppc64le-debug.config | 4 | ||||
| -rw-r--r-- | kernel-ppc64le.config | 4 | ||||
| -rw-r--r-- | kernel-s390x-debug.config | 4 | ||||
| -rw-r--r-- | kernel-s390x.config | 4 | ||||
| -rw-r--r-- | kernel-x86_64-debug.config | 4 | ||||
| -rw-r--r-- | kernel-x86_64.config | 4 |
16 files changed, 30 insertions, 30 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 index f1f433af9..b51889849 100644 --- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 +++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 @@ -1 +1 @@ -CONFIG_IMA_DEFAULT_HASH_SHA1=y +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 index 29bd8f86d..e627fd9e9 100644 --- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 +++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 @@ -1 +1 @@ -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index a8820aee9..a21830e78 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2432,8 +2432,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 73ce2987d..cf0b668c6 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2416,8 +2416,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 871f216b1..d45a2492d 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2463,8 +2463,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 3afc3947b..fdb67ba11 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2381,8 +2381,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 2480cf9a5..bf03cfbdd 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2366,8 +2366,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 0d84290c8..f62191583 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2448,8 +2448,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 25d715f9a..1af028d3d 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2184,8 +2184,8 @@ CONFIG_IIO_TRIGGER=y CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-i686.config b/kernel-i686.config index 0143341ae..cccf51d7d 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2167,8 +2167,8 @@ CONFIG_IIO_TRIGGER=y CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 4f9c75670..48ba9cc6a 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1992,8 +1992,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index fd0d32381..896ea2a3a 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1975,8 +1975,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index b10f1c7ff..b31622681 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1972,8 +1972,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-s390x.config b/kernel-s390x.config index 4134d0e4d..a6b48386f 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1955,8 +1955,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index fbb4a69ed..bd48d1258 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2228,8 +2228,8 @@ CONFIG_IIO_TRIGGER=y CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 72a310cab..16e5799e8 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2211,8 +2211,8 @@ CONFIG_IIO_TRIGGER=y CONFIG_IKHEADERS=m # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 |