summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Robinson <pbrobinson@gmail.com>2019-07-17 11:09:36 +0100
committerPeter Robinson <pbrobinson@gmail.com>2019-07-17 11:10:24 +0100
commit89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0 (patch)
tree344d4b243394ee647c0188798bd7959a8ba5a530
parentef64fcc47a9e26f355d3bffa42a91760ca19fe5c (diff)
downloadkernel-89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0.tar.gz
kernel-89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0.tar.xz
kernel-89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0.zip
IMA: change default hash from sha1 to sha256, the later is more secuure and hence should be the default
-rw-r--r--configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA12
-rw-r--r--configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA2562
-rw-r--r--kernel-aarch64-debug.config4
-rw-r--r--kernel-aarch64.config4
-rw-r--r--kernel-armv7hl-debug.config4
-rw-r--r--kernel-armv7hl-lpae-debug.config4
-rw-r--r--kernel-armv7hl-lpae.config4
-rw-r--r--kernel-armv7hl.config4
-rw-r--r--kernel-i686-debug.config4
-rw-r--r--kernel-i686.config4
-rw-r--r--kernel-ppc64le-debug.config4
-rw-r--r--kernel-ppc64le.config4
-rw-r--r--kernel-s390x-debug.config4
-rw-r--r--kernel-s390x.config4
-rw-r--r--kernel-x86_64-debug.config4
-rw-r--r--kernel-x86_64.config4
16 files changed, 30 insertions, 30 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
index f1f433af9..b51889849 100644
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
@@ -1 +1 @@
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
index 29bd8f86d..e627fd9e9 100644
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
@@ -1 +1 @@
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index f402b89fd..450a01b0e 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -2448,8 +2448,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 048499c40..4faef0199 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2432,8 +2432,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index bd543c222..0a5f43c7f 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -2482,8 +2482,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 8b31da262..31bee654e 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -2400,8 +2400,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index 3e3e73c08..71a48f38c 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -2385,8 +2385,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 00a1a8ebc..97e266b0a 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2467,8 +2467,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index b529cc042..e5fae92b8 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -2200,8 +2200,8 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686.config b/kernel-i686.config
index 5f81037fb..d4b369150 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2183,8 +2183,8 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index a119339c7..099f4f1dc 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -2006,8 +2006,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 3b32d3d73..dda118f4d 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1989,8 +1989,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA is not set
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index ed1400a80..f0ad5491f 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1984,8 +1984,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 5395aff4e..511c3a4ff 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1967,8 +1967,8 @@ CONFIG_IIO_TRIGGER=y
# CONFIG_IKCONFIG is not set
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 5d092904f..b5bb4a598 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2245,8 +2245,8 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 0aadcd337..44d238b32 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2228,8 +2228,8 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m
# CONFIG_IMA_APPRAISE is not set
# CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10