diff options
| author | Peter Robinson <pbrobinson@gmail.com> | 2020-01-29 13:15:29 +0000 |
|---|---|---|
| committer | Peter Robinson <pbrobinson@gmail.com> | 2020-01-29 13:16:38 +0000 |
| commit | be68e8579a6185fc408b7b764edf39166a24eb3f (patch) | |
| tree | f0cdf175a7c4ad69e0090d47e28c19f4cec0dff8 | |
| parent | 478f01e4e4c2d0db8be8c79463667135f5287f25 (diff) | |
| download | kernel-be68e8579a6185fc408b7b764edf39166a24eb3f.tar.gz kernel-be68e8579a6185fc408b7b764edf39166a24eb3f.tar.xz kernel-be68e8579a6185fc408b7b764edf39166a24eb3f.zip | |
ima: enable system extra cert to enable adding an extra cert without needing custom kernels
| -rw-r--r-- | configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE | 2 | ||||
| -rw-r--r-- | configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE | 1 | ||||
| -rw-r--r-- | kernel-aarch64-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-aarch64-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-armv7hl-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-armv7hl-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-i686-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-i686-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-ppc64le-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-ppc64le-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-s390x-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-s390x-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-x86_64-debug-fedora.config | 3 | ||||
| -rw-r--r-- | kernel-x86_64-fedora.config | 3 |
16 files changed, 30 insertions, 15 deletions
diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE index fea571fdc..a831f7ab1 100644 --- a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE +++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE @@ -1 +1 @@ -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE new file mode 100644 index 000000000..330619e5c --- /dev/null +++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE @@ -0,0 +1 @@ +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 24bd02954..2d8d904ca 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -6272,7 +6272,8 @@ CONFIG_SYSCTL=y # CONFIG_SYS_HYPERVISOR is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index b6a251764..1bfe1a799 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -6250,7 +6250,8 @@ CONFIG_SYSCTL=y # CONFIG_SYS_HYPERVISOR is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index cabb2a1ee..ecf4957cf 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -6502,7 +6502,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index c107f8f6b..ee69ef648 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -6481,7 +6481,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index e2dbbf701..cb6887e5f 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -6188,7 +6188,8 @@ CONFIG_SYSCTL=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index 28dc194ad..320942b46 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -6167,7 +6167,8 @@ CONFIG_SYSCTL=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index e82a78389..1b675520e 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -5676,7 +5676,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index 850f97a91..b10e73808 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -5655,7 +5655,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index 302a0a889..9aa558706 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -5294,7 +5294,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index 447596ff1..ebebaadbb 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -5271,7 +5271,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index e82d4e767..209553a05 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -5230,7 +5230,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index 00b83339e..8f60bf62b 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -5207,7 +5207,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 63f63476f..a9f38f599 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -5731,7 +5731,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 600127b1e..ade3b7d5d 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -5710,7 +5710,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" |