diff options
author | Peter Robinson <pbrobinson@gmail.com> | 2020-01-29 13:15:29 +0000 |
---|---|---|
committer | Peter Robinson <pbrobinson@gmail.com> | 2020-01-29 13:15:29 +0000 |
commit | 4f983e9658dc322e58d27ac223a85239f46cdc17 (patch) | |
tree | 1d89419e81904f81b72b522e1629349ef844cea9 | |
parent | 92ebc5dd37dba1571143b5f13dd830423ddf5053 (diff) | |
download | kernel-4f983e9658dc322e58d27ac223a85239f46cdc17.tar.gz kernel-4f983e9658dc322e58d27ac223a85239f46cdc17.tar.xz kernel-4f983e9658dc322e58d27ac223a85239f46cdc17.zip |
ima: enable system extra cert to enable adding an extra cert without needing custom kernels
-rw-r--r-- | configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE | 2 | ||||
-rw-r--r-- | configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE | 1 | ||||
-rw-r--r-- | kernel-aarch64-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-aarch64-fedora.config | 3 | ||||
-rw-r--r-- | kernel-armv7hl-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-armv7hl-fedora.config | 3 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-fedora.config | 3 | ||||
-rw-r--r-- | kernel-i686-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-i686-fedora.config | 3 | ||||
-rw-r--r-- | kernel-ppc64le-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-ppc64le-fedora.config | 3 | ||||
-rw-r--r-- | kernel-s390x-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-s390x-fedora.config | 3 | ||||
-rw-r--r-- | kernel-x86_64-debug-fedora.config | 3 | ||||
-rw-r--r-- | kernel-x86_64-fedora.config | 3 |
16 files changed, 30 insertions, 15 deletions
diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE index fea571fdc..a831f7ab1 100644 --- a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE +++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE @@ -1 +1 @@ -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE new file mode 100644 index 000000000..330619e5c --- /dev/null +++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE @@ -0,0 +1 @@ +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 07f5648ca..e31327bdb 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -6348,7 +6348,8 @@ CONFIG_SYSCTL=y # CONFIG_SYS_HYPERVISOR is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index f7df56d86..f1cba2aaf 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -6326,7 +6326,8 @@ CONFIG_SYSCTL=y # CONFIG_SYS_HYPERVISOR is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index 6d57de7ee..23297c058 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -6577,7 +6577,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index bb4f68341..4312e64d5 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -6556,7 +6556,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index ba386d108..148c87a45 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -6329,7 +6329,8 @@ CONFIG_SYSCTL=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index e330ecfb9..db2718fe6 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -6308,7 +6308,8 @@ CONFIG_SYSCTL=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index 3678de469..b5377cc1c 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -5722,7 +5722,8 @@ CONFIG_SYSCTL=y CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index 9c8dfe5d7..57ecde102 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -5701,7 +5701,8 @@ CONFIG_SYSCTL=y CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index e5a3b8194..b86a50b6c 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -5340,7 +5340,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index 9a6fe96ed..959591243 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -5317,7 +5317,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index a1bb4356e..59ffebfc0 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -5275,7 +5275,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index d472178f9..68f0d3b47 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -5252,7 +5252,8 @@ CONFIG_SYSCTL=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index 0e5eec2c1..0ac5c0ac5 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -5776,7 +5776,8 @@ CONFIG_SYSCTL=y CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 6779e9683..7a4a1fd8e 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -5755,7 +5755,8 @@ CONFIG_SYSCTL=y CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_KEYRING=y -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 +CONFIG_SYSTEM_EXTRA_CERTIFICATE=y # CONFIG_SYSTEMPORT is not set CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" |