diff options
| author | Peter Robinson <pbrobinson@gmail.com> | 2019-07-17 11:09:36 +0100 |
|---|---|---|
| committer | Peter Robinson <pbrobinson@gmail.com> | 2019-07-17 11:17:23 +0100 |
| commit | a344da7077566c43ffc3ea9b6f0fe5d7d69c8045 (patch) | |
| tree | 13854f5e2253e9e5c41cfbb40d95c12d56b49dd6 | |
| parent | 10a3f2eb22d23a5a28b1e474bf2caa3f07d5f70a (diff) | |
| download | kernel-a344da7077566c43ffc3ea9b6f0fe5d7d69c8045.tar.gz kernel-a344da7077566c43ffc3ea9b6f0fe5d7d69c8045.tar.xz kernel-a344da7077566c43ffc3ea9b6f0fe5d7d69c8045.zip | |
IMA: change default hash from sha1 to sha256, the later is more secuure and hence should be the default
| -rw-r--r-- | configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 | 2 | ||||
| -rw-r--r-- | configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 | 2 | ||||
| -rw-r--r-- | kernel-aarch64-debug.config | 4 | ||||
| -rw-r--r-- | kernel-aarch64.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-debug.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae-debug.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl-lpae.config | 4 | ||||
| -rw-r--r-- | kernel-armv7hl.config | 4 | ||||
| -rw-r--r-- | kernel-i686-debug.config | 4 | ||||
| -rw-r--r-- | kernel-i686.config | 4 | ||||
| -rw-r--r-- | kernel-ppc64le-debug.config | 4 | ||||
| -rw-r--r-- | kernel-ppc64le.config | 4 | ||||
| -rw-r--r-- | kernel-s390x-debug.config | 4 | ||||
| -rw-r--r-- | kernel-s390x.config | 4 | ||||
| -rw-r--r-- | kernel-x86_64-debug.config | 4 | ||||
| -rw-r--r-- | kernel-x86_64.config | 4 |
16 files changed, 30 insertions, 30 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 index f1f433af9..b51889849 100644 --- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 +++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 @@ -1 +1 @@ -CONFIG_IMA_DEFAULT_HASH_SHA1=y +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 index 29bd8f86d..e627fd9e9 100644 --- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 +++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 @@ -1 +1 @@ -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index 3ee558d02..0df3a161d 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2383,8 +2383,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 9964d6d8a..51e461f6e 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2367,8 +2367,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index d0d81b8ad..48a70ba1f 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2426,8 +2426,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 1350ca8c1..4576ca723 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2340,8 +2340,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 72ec631ba..9d0457154 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2325,8 +2325,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 8d2811ab0..388b1e254 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2411,8 +2411,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index f89797c5d..2ce656236 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2148,8 +2148,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-i686.config b/kernel-i686.config index fe4a05435..4aaff465d 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2131,8 +2131,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index c9abec928..fa9fe3fec 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1957,8 +1957,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 4884618b4..8863f4c01 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1940,8 +1940,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA is not set CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 41f884a15..5fa14d4af 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1937,8 +1937,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-s390x.config b/kernel-s390x.config index 3d07d6ec4..23b666043 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1920,8 +1920,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index ec5e71147..d0fc05bb0 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2193,8 +2193,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 diff --git a/kernel-x86_64.config b/kernel-x86_64.config index c45a4ecc6..0be460e83 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2176,8 +2176,8 @@ CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set # CONFIG_IMA_APPRAISE is not set # CONFIG_IMA_ARCH_POLICY is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 |