Enable IMA Appraisal - related rhbz 790008 1554474

1 files changed, 8 insertions, 2 deletions

diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 87172823e..60a54e35a 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2184,18 +2184,23 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
-# CONFIG_IMA_APPRAISE is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
+CONFIG_IMA_APPRAISE=y
 # CONFIG_IMA_ARCH_POLICY is not set
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
 CONFIG_IMA_NG_TEMPLATE=y
 CONFIG_IMA_READ_POLICY=y
 # CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
+# CONFIG_IMA_TRUSTED_KEYRING is not set
 CONFIG_IMA_WRITE_POLICY=y
 CONFIG_IMA=y
 # CONFIG_IMG_ASCII_LCD is not set
@@ -2316,6 +2321,7 @@ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_AUDIT=y
 CONFIG_INTEGRITY_PLATFORM_KEYRING=y
 CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_TRUSTED_KEYRING=y
 CONFIG_INTEGRITY=y
 CONFIG_INTEL_ATOMISP2_PM=m
 CONFIG_INTEL_BXT_PMIC_THERMAL=m
@@ -5686,7 +5692,7 @@ CONFIG_TCG_NSC=m
 # CONFIG_TCG_TIS_I2C_ATMEL is not set
 # CONFIG_TCG_TIS_I2C_INFINEON is not set
 # CONFIG_TCG_TIS_I2C_NUVOTON is not set
-# CONFIG_TCG_TIS_SPI is not set
+CONFIG_TCG_TIS_SPI=m
 # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
 CONFIG_TCG_TIS=y