summaryrefslogtreecommitdiffstats
path: root/kernel-s390x-debug.config
diff options
context:
space:
mode:
authorJeremy Cline <jcline@redhat.com>2019-09-30 20:00:17 +0000
committerJeremy Cline <jcline@redhat.com>2019-10-01 14:20:23 +0000
commite21e52b60843bc2c19b187cd6d25723686a610dc (patch)
tree2b88310af462707e2cc8f3b61768d555025e476f /kernel-s390x-debug.config
parentb82da9d02ca2eb7a3632ca276f5301a04e10d270 (diff)
downloadkernel-e21e52b60843bc2c19b187cd6d25723686a610dc.tar.gz
kernel-e21e52b60843bc2c19b187cd6d25723686a610dc.tar.xz
kernel-e21e52b60843bc2c19b187cd6d25723686a610dc.zip
Linux v5.3-13236-g97f9a3c4eee5
This is a first pass at getting the secureboot patches working with the upstream lockdown patches that got merged. The final patch from our lockdown set is the sysrq patch which also needs work. For the present it is not applied.
Diffstat (limited to 'kernel-s390x-debug.config')
-rw-r--r--kernel-s390x-debug.config10
1 files changed, 9 insertions, 1 deletions
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index df5319d73..26d01b430 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1979,6 +1979,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
+# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
@@ -2416,6 +2417,7 @@ CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_UNCOMPRESSED is not set
# CONFIG_KERNEL_XZ is not set
CONFIG_KEXEC_FILE=y
+CONFIG_KEXEC_SIG=y
# CONFIG_KEXEC_VERIFY_SIG is not set
CONFIG_KEXEC=y
# CONFIG_KEYBOARD_ADC is not set
@@ -2600,6 +2602,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
+CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y
@@ -3675,7 +3680,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set
CONFIG_OPT3001=m
-# CONFIG_OPTIMIZE_INLINING is not set
+CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m
@@ -4501,6 +4506,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set
+CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set
@@ -6026,6 +6033,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=y
+CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y