diff options
| author | Jeremy Cline <jeremy@jcline.org> | 2018-03-12 15:31:15 -0400 |
|---|---|---|
| committer | Jeremy Cline <jeremy@jcline.org> | 2018-03-12 15:31:15 -0400 |
| commit | 2758d24adfddcb6d8ede1a48a9fe045da79fb244 (patch) | |
| tree | a0fa34e17e4b075a6a73baef56858b011a7ae53b | |
| parent | 06a455a312a2ee8eada2805fe20d362366630b1c (diff) | |
| download | kernel-2758d24adfddcb6d8ede1a48a9fe045da79fb244.tar.gz kernel-2758d24adfddcb6d8ede1a48a9fe045da79fb244.tar.xz kernel-2758d24adfddcb6d8ede1a48a9fe045da79fb244.zip | |
Revert "Enable IMA (rhbz 790008)"
This reverts commit bb540d20c6388d18e5977f14f35f96318be223e1.
A recent change to the EFI lockdown patch forces IMA policy to be loaded
when secureboot is used. Unfortunately, we don't have all the pieces in
place to have all components fully signed. A F29 change request is
planned to address this, so disable IMA for F28.
35 files changed, 69 insertions, 280 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 752982bdd..83a06345b 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -CONFIG_IMA=y +# CONFIG_IMA is not set diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE deleted file mode 100644 index da04fd67d..000000000 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM deleted file mode 100644 index 000a58fb6..000000000 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING deleted file mode 100644 index 5329626fb..000000000 --- a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY deleted file mode 100644 index 08056234d..000000000 --- a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 deleted file mode 100644 index 00d39701b..000000000 --- a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY deleted file mode 100644 index 8f280d803..000000000 --- a/configs/fedora/generic/CONFIG_IMA_READ_POLICY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING deleted file mode 100644 index d27057dad..000000000 --- a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY deleted file mode 100644 index e54ce85d7..000000000 --- a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index a3524cb6b..5dd074057 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS deleted file mode 100644 index a1485b903..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT deleted file mode 100644 index 09d5db2b6..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE deleted file mode 100644 index 2d104809d..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index eb9a4ccac..b119645b2 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=y +CONFIG_TCG_TIS=m diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 07d9499c1..8c2c3b86d 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index e2c0ad429..c374cf75d 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2205,17 +2205,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2335,10 +2327,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5692,12 +5681,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f241c8b02..52fac6573 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2187,17 +2187,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2317,10 +2309,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5668,12 +5657,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 06be2a125..629a557f6 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2329,17 +2329,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2478,10 +2470,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6161,12 +6150,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 62269a667..fba8d9eb9 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2215,17 +2215,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2347,10 +2339,7 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5760,12 +5749,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index e3af01fce..7937d0aab 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2197,17 +2197,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2329,10 +2321,7 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5736,12 +5725,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 105731a57..d088a96b5 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2311,17 +2311,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2460,10 +2452,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6137,12 +6126,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index 7add60bd6..33ba37169 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2052,17 +2052,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2180,10 +2172,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5338,12 +5327,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 41689a39e..6f233be72 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2071,17 +2071,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2199,10 +2191,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5361,12 +5350,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index abfac8c54..4110eac33 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2071,17 +2071,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2199,10 +2191,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5361,12 +5350,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686.config b/kernel-i686.config index e2b0ac96c..b27e37c6c 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2052,17 +2052,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2180,10 +2172,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5338,12 +5327,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 3289affb3..68ea3984b 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1960,17 +1960,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2084,10 +2076,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5132,11 +5121,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index f211e4b89..f40057455 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1941,17 +1941,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2065,10 +2057,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5107,11 +5096,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 59b3e81bc..a1638aaeb 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1905,17 +1905,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2029,10 +2021,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5060,11 +5049,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 93ed61ad6..b29251361 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1886,17 +1886,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2010,10 +2002,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5035,11 +5024,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index c05b3c585..d10cbe38b 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1860,17 +1860,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1984,10 +1976,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4954,12 +4943,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-s390x.config b/kernel-s390x.config index 21eafc9b8..d914c23c0 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1841,17 +1841,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1965,10 +1957,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4929,12 +4918,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 0b83aa306..9f2bcacc1 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2118,17 +2118,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2250,10 +2242,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5452,12 +5441,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 2b62f36a1..ddd640e07 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2099,17 +2099,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2231,10 +2223,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5429,12 +5418,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel.spec b/kernel.spec index 3f6695476..9708b55f1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1873,6 +1873,7 @@ fi %changelog * Mon Mar 12 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.0-0.rc5.git0.1 - Linux v4.16-rc5 +- Disable IMA (rhbz 790008) * Mon Mar 12 2018 Jeremy Cline <jeremy@jcline.org> - Disable debugging options. diff --git a/rebase-notes.txt b/rebase-notes.txt index 937c43e22..85e185c03 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,6 +1,3 @@ -Linux 4.16 rebase notes: -- Consider turning off all the IMA features? - Linux 4.15 rebase notes: - Disable power-management features enabled for F28+ -Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 |