diff options
27 files changed, 328 insertions, 130 deletions
diff --git a/Makefile.rhelver b/Makefile.rhelver index a6b858d9a..e5179f2d3 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 99 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 95 +RHEL_RELEASE = 97 # # Early y+1 numbering diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config index 66a60609a..2eddd1dea 100644 --- a/kernel-aarch64-debug-fedora.config +++ b/kernel-aarch64-debug-fedora.config @@ -1143,7 +1143,17 @@ CONFIG_CONTEXT_SWITCH_TRACER=y # CONFIG_CONTEXT_TRACKING_FORCE is not set CONFIG_CORDIC=m CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y -# CONFIG_CORESIGHT is not set +CONFIG_CORESIGHT_CATU=m +CONFIG_CORESIGHT_CPU_DEBUG=m +# CONFIG_CORESIGHT_CTI_INTEGRATION_REGS is not set +CONFIG_CORESIGHT_CTI=m +CONFIG_CORESIGHT_LINK_AND_SINK_TMC=m +CONFIG_CORESIGHT_LINKS_AND_SINKS=m +CONFIG_CORESIGHT=m +CONFIG_CORESIGHT_SINK_ETBV10=m +CONFIG_CORESIGHT_SINK_TPIU=m +CONFIG_CORESIGHT_SOURCE_ETM4X=m +CONFIG_CORESIGHT_STM=m CONFIG_CORTINA_PHY=m # CONFIG_COUNTER is not set CONFIG_CP15_BARRIER_EMULATION=y @@ -1968,7 +1978,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2722,6 +2735,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -3216,6 +3230,7 @@ CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS=y CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set +# CONFIG_KASAN_SW_TAGS is not set CONFIG_KASAN_VMALLOC=y # CONFIG_KCOV is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 @@ -4517,6 +4532,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -4958,7 +4974,7 @@ CONFIG_PHY_TEGRA_XUSB=m CONFIG_PHY_XGENE=y CONFIG_PHY_XILINX_ZYNQMP=m # CONFIG_PI433 is not set -# CONFIG_PID_IN_CONTEXTIDR is not set +CONFIG_PID_IN_CONTEXTIDR=y CONFIG_PID_NS=y CONFIG_PINCONF=y CONFIG_PINCTRL_AMD=y @@ -6837,7 +6853,8 @@ CONFIG_STK3310=m # CONFIG_STK8312 is not set # CONFIG_STK8BA50 is not set # CONFIG_STM32_FMC2_EBI is not set -# CONFIG_STM is not set +# CONFIG_STM_DUMMY is not set +CONFIG_STM=m CONFIG_STMMAC_ETH=m # CONFIG_STMMAC_PCI is not set CONFIG_STMMAC_PLATFORM=m @@ -6845,6 +6862,11 @@ CONFIG_STMMAC_PLATFORM=m CONFIG_STMPE_ADC=m CONFIG_STMPE_I2C=y CONFIG_STMPE_SPI=y +# CONFIG_STM_PROTO_BASIC is not set +# CONFIG_STM_PROTO_SYS_T is not set +# CONFIG_STM_SOURCE_CONSOLE is not set +# CONFIG_STM_SOURCE_FTRACE is not set +# CONFIG_STM_SOURCE_HEARTBEAT is not set CONFIG_STRICT_DEVMEM=y CONFIG_STRICT_KERNEL_RWX=y # CONFIG_STRING_SELFTEST is not set diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config index 459ba71c0..7b8143b27 100644 --- a/kernel-aarch64-debug-rhel.config +++ b/kernel-aarch64-debug-rhel.config @@ -1502,7 +1502,7 @@ CONFIG_ENABLE_MUST_CHECK=y # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENA_ETHERNET=m CONFIG_ENCLOSURE_SERVICES=m -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENERGY_MODEL=y CONFIG_ENIC=m CONFIG_EPIC100=m @@ -1515,7 +1515,10 @@ CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set -# CONFIG_EVM is not set +CONFIG_EVM_ATTR_FSUUID=y +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" +CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set CONFIG_EXPORTFS_BLOCK_OPS=y @@ -2141,25 +2144,28 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IIO_TRIGGERED_EVENT is not set # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set -# CONFIG_IMA_APPRAISE_BOOTPARAM is not set -# CONFIG_IMA_APPRAISE is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -2277,9 +2283,9 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m # CONFIG_INT3406_THERMAL is not set CONFIG_INTEGRITY_AUDIT=y -# CONFIG_INTEGRITY is not set # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set # CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP2_PM is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_IDXD=m @@ -2567,6 +2573,7 @@ CONFIG_KALLSYMS=y CONFIG_KASAN_GENERIC=y CONFIG_KASAN_INLINE=y # CONFIG_KASAN_OUTLINE is not set +# CONFIG_KASAN_SW_TAGS is not set CONFIG_KASAN_VMALLOC=y CONFIG_KASAN=y # CONFIG_KCOV is not set @@ -3630,6 +3637,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config index 58ddc8cb3..be9ca63de 100644 --- a/kernel-aarch64-fedora.config +++ b/kernel-aarch64-fedora.config @@ -1143,7 +1143,17 @@ CONFIG_CONTEXT_SWITCH_TRACER=y # CONFIG_CONTEXT_TRACKING_FORCE is not set CONFIG_CORDIC=m CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y -# CONFIG_CORESIGHT is not set +CONFIG_CORESIGHT_CATU=m +CONFIG_CORESIGHT_CPU_DEBUG=m +# CONFIG_CORESIGHT_CTI_INTEGRATION_REGS is not set +CONFIG_CORESIGHT_CTI=m +CONFIG_CORESIGHT_LINK_AND_SINK_TMC=m +CONFIG_CORESIGHT_LINKS_AND_SINKS=m +CONFIG_CORESIGHT=m +CONFIG_CORESIGHT_SINK_ETBV10=m +CONFIG_CORESIGHT_SINK_TPIU=m +CONFIG_CORESIGHT_SOURCE_ETM4X=m +CONFIG_CORESIGHT_STM=m CONFIG_CORTINA_PHY=m # CONFIG_COUNTER is not set CONFIG_CP15_BARRIER_EMULATION=y @@ -1960,7 +1970,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2706,6 +2719,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -3200,6 +3214,7 @@ CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS=y CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set +# CONFIG_KASAN_SW_TAGS is not set # CONFIG_KASAN_VMALLOC is not set # CONFIG_KCOV is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 @@ -4498,6 +4513,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -4939,7 +4955,7 @@ CONFIG_PHY_TEGRA_XUSB=m CONFIG_PHY_XGENE=y CONFIG_PHY_XILINX_ZYNQMP=m # CONFIG_PI433 is not set -# CONFIG_PID_IN_CONTEXTIDR is not set +CONFIG_PID_IN_CONTEXTIDR=y CONFIG_PID_NS=y CONFIG_PINCONF=y CONFIG_PINCTRL_AMD=y @@ -6816,7 +6832,8 @@ CONFIG_STK3310=m # CONFIG_STK8312 is not set # CONFIG_STK8BA50 is not set # CONFIG_STM32_FMC2_EBI is not set -# CONFIG_STM is not set +# CONFIG_STM_DUMMY is not set +CONFIG_STM=m CONFIG_STMMAC_ETH=m # CONFIG_STMMAC_PCI is not set CONFIG_STMMAC_PLATFORM=m @@ -6824,6 +6841,11 @@ CONFIG_STMMAC_PLATFORM=m CONFIG_STMPE_ADC=m CONFIG_STMPE_I2C=y CONFIG_STMPE_SPI=y +# CONFIG_STM_PROTO_BASIC is not set +# CONFIG_STM_PROTO_SYS_T is not set +# CONFIG_STM_SOURCE_CONSOLE is not set +# CONFIG_STM_SOURCE_FTRACE is not set +# CONFIG_STM_SOURCE_HEARTBEAT is not set CONFIG_STRICT_DEVMEM=y CONFIG_STRICT_KERNEL_RWX=y # CONFIG_STRING_SELFTEST is not set diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config index 213910612..c8effcd96 100644 --- a/kernel-aarch64-rhel.config +++ b/kernel-aarch64-rhel.config @@ -1494,7 +1494,7 @@ CONFIG_ENABLE_MUST_CHECK=y # CONFIG_ENABLE_WARN_DEPRECATED is not set CONFIG_ENA_ETHERNET=m CONFIG_ENCLOSURE_SERVICES=m -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENERGY_MODEL=y CONFIG_ENIC=m CONFIG_EPIC100=m @@ -1507,7 +1507,10 @@ CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set -# CONFIG_EVM is not set +CONFIG_EVM_ATTR_FSUUID=y +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" +CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set CONFIG_EXPORTFS_BLOCK_OPS=y @@ -2125,25 +2128,28 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IIO_TRIGGERED_EVENT is not set # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set -# CONFIG_IMA_APPRAISE_BOOTPARAM is not set -# CONFIG_IMA_APPRAISE is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -2261,9 +2267,9 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m # CONFIG_INT3406_THERMAL is not set CONFIG_INTEGRITY_AUDIT=y -# CONFIG_INTEGRITY is not set # CONFIG_INTEGRITY_PLATFORM_KEYRING is not set # CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP2_PM is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_IDXD=m @@ -2551,6 +2557,7 @@ CONFIG_KALLSYMS=y # CONFIG_KASAN_GENERIC is not set # CONFIG_KASAN is not set # CONFIG_KASAN_OUTLINE is not set +# CONFIG_KASAN_SW_TAGS is not set # CONFIG_KASAN_VMALLOC is not set # CONFIG_KCOV is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 @@ -3613,6 +3620,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config index d6e8511d6..89f4f2a59 100644 --- a/kernel-armv7hl-debug-fedora.config +++ b/kernel-armv7hl-debug-fedora.config @@ -2002,7 +2002,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2749,6 +2752,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -4593,6 +4597,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config index fe5ff8d17..1c8445ecc 100644 --- a/kernel-armv7hl-fedora.config +++ b/kernel-armv7hl-fedora.config @@ -1995,7 +1995,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2734,6 +2737,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -4575,6 +4579,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config index 21a669f59..6cca56afc 100644 --- a/kernel-armv7hl-lpae-debug-fedora.config +++ b/kernel-armv7hl-lpae-debug-fedora.config @@ -1954,7 +1954,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2692,6 +2695,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -4492,6 +4496,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config index a51a51a72..9aa58d5fa 100644 --- a/kernel-armv7hl-lpae-fedora.config +++ b/kernel-armv7hl-lpae-fedora.config @@ -1947,7 +1947,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2677,6 +2680,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -4474,6 +4478,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config index 1c85d7020..145371924 100644 --- a/kernel-i686-debug-fedora.config +++ b/kernel-i686-debug-fedora.config @@ -1678,7 +1678,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2410,9 +2413,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2422,6 +2426,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -2922,6 +2927,7 @@ CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set CONFIG_KASAN_VMALLOC=y # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y @@ -4158,6 +4164,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config index 6e6ddbef2..851e5ae9e 100644 --- a/kernel-i686-fedora.config +++ b/kernel-i686-fedora.config @@ -1669,7 +1669,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2393,9 +2396,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2405,6 +2409,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -2905,6 +2910,7 @@ CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set # CONFIG_KASAN_VMALLOC is not set # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 # CONFIG_KERNEL_BZIP2 is not set CONFIG_KERNEL_GZIP=y @@ -4139,6 +4145,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config index fc98f141d..f03e2cf2f 100644 --- a/kernel-ppc64le-debug-fedora.config +++ b/kernel-ppc64le-debug-fedora.config @@ -1534,7 +1534,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2211,9 +2214,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2223,6 +2227,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -3856,6 +3861,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -4327,6 +4333,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_RADIX_MMU_DEFAULT=y CONFIG_PPC_RADIX_MMU=y CONFIG_PPC_RTAS_FILTER=y +CONFIG_PPC_SECURE_BOOT=y +CONFIG_PPC_SECVAR_SYSFS=y CONFIG_PPC_SMLPAR=y CONFIG_PPC_SPLPAR=y CONFIG_PPC_SUBPAGE_PROT=y diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config index b1f4b0eb9..f537e3e60 100644 --- a/kernel-ppc64le-debug-rhel.config +++ b/kernel-ppc64le-debug-rhel.config @@ -1383,7 +1383,7 @@ CONFIG_ETHTOOL_NETLINK=y CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_ATTR_FSUUID=y -# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM_LOAD_X509=y CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_EVM=y # CONFIG_EXFAT_FS is not set @@ -2008,21 +2008,23 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IKHEADERS is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_MODSIG=y # CONFIG_IMA_APPRAISE_SIGNED_INIT is not set CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 # CONFIG_IMA_NG_TEMPLATE is not set -# CONFIG_IMA_READ_POLICY is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y @@ -3491,6 +3493,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -3933,6 +3936,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_RADIX_MMU_DEFAULT=y CONFIG_PPC_RADIX_MMU=y CONFIG_PPC_RTAS_FILTER=y +CONFIG_PPC_SECURE_BOOT=y +CONFIG_PPC_SECVAR_SYSFS=y CONFIG_PPC_SMLPAR=y CONFIG_PPC_SPLPAR=y CONFIG_PPC_SUBPAGE_PROT=y diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config index 6dd56b961..9ce29ae12 100644 --- a/kernel-ppc64le-fedora.config +++ b/kernel-ppc64le-fedora.config @@ -1525,7 +1525,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2194,9 +2197,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2206,6 +2210,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -3836,6 +3841,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -4307,6 +4313,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_RADIX_MMU_DEFAULT=y CONFIG_PPC_RADIX_MMU=y CONFIG_PPC_RTAS_FILTER=y +CONFIG_PPC_SECURE_BOOT=y +CONFIG_PPC_SECVAR_SYSFS=y CONFIG_PPC_SMLPAR=y CONFIG_PPC_SPLPAR=y CONFIG_PPC_SUBPAGE_PROT=y diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config index 30779f41c..1ec753c56 100644 --- a/kernel-ppc64le-rhel.config +++ b/kernel-ppc64le-rhel.config @@ -1375,7 +1375,7 @@ CONFIG_ETHTOOL_NETLINK=y CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_ATTR_FSUUID=y -# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM_LOAD_X509=y CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_EVM=y # CONFIG_EXFAT_FS is not set @@ -1992,21 +1992,23 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IKHEADERS is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_MODSIG=y # CONFIG_IMA_APPRAISE_SIGNED_INIT is not set CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 # CONFIG_IMA_NG_TEMPLATE is not set -# CONFIG_IMA_READ_POLICY is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y @@ -3475,6 +3477,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y @@ -3917,6 +3920,8 @@ CONFIG_PPC_PSERIES=y CONFIG_PPC_RADIX_MMU_DEFAULT=y CONFIG_PPC_RADIX_MMU=y CONFIG_PPC_RTAS_FILTER=y +CONFIG_PPC_SECURE_BOOT=y +CONFIG_PPC_SECVAR_SYSFS=y CONFIG_PPC_SMLPAR=y CONFIG_PPC_SPLPAR=y CONFIG_PPC_SUBPAGE_PROT=y diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config index ed6503f70..df59198a4 100644 --- a/kernel-s390x-debug-fedora.config +++ b/kernel-s390x-debug-fedora.config @@ -1541,7 +1541,10 @@ CONFIG_ETHERNET=y # CONFIG_ETHOC is not set CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2193,6 +2196,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -3827,6 +3831,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config index bc255f141..98ce22e74 100644 --- a/kernel-s390x-debug-rhel.config +++ b/kernel-s390x-debug-rhel.config @@ -1374,7 +1374,7 @@ CONFIG_ENABLE_MUST_CHECK=y # CONFIG_ENABLE_WARN_DEPRECATED is not set # CONFIG_ENA_ETHERNET is not set CONFIG_ENCLOSURE_SERVICES=m -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENERGY_MODEL=y CONFIG_ENIC=m CONFIG_EPIC100=m @@ -1387,7 +1387,10 @@ CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set -# CONFIG_EVM is not set +CONFIG_EVM_ATTR_FSUUID=y +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" +CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set CONFIG_EXPOLINE_AUTO=y @@ -1985,25 +1988,28 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IIO_TRIGGERED_EVENT is not set # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set -# CONFIG_IMA_APPRAISE_BOOTPARAM is not set -# CONFIG_IMA_APPRAISE is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -3462,6 +3468,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config index 1e45957c9..eb3a26784 100644 --- a/kernel-s390x-fedora.config +++ b/kernel-s390x-fedora.config @@ -1532,7 +1532,10 @@ CONFIG_ETHERNET=y # CONFIG_ETHOC is not set CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2176,6 +2179,7 @@ CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -3807,6 +3811,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config index 943f22eac..8db3fab5e 100644 --- a/kernel-s390x-rhel.config +++ b/kernel-s390x-rhel.config @@ -1366,7 +1366,7 @@ CONFIG_ENABLE_MUST_CHECK=y # CONFIG_ENABLE_WARN_DEPRECATED is not set # CONFIG_ENA_ETHERNET is not set CONFIG_ENCLOSURE_SERVICES=m -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENERGY_MODEL=y CONFIG_ENIC=m CONFIG_EPIC100=m @@ -1379,7 +1379,10 @@ CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set -# CONFIG_EVM is not set +CONFIG_EVM_ATTR_FSUUID=y +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" +CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set CONFIG_EXPOLINE_AUTO=y @@ -1969,25 +1972,28 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IIO_TRIGGERED_EVENT is not set # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set -# CONFIG_IMA_APPRAISE_BOOTPARAM is not set -# CONFIG_IMA_APPRAISE is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -3446,6 +3452,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config index b0fd378fa..c155387f8 100644 --- a/kernel-s390x-zfcpdump-rhel.config +++ b/kernel-s390x-zfcpdump-rhel.config @@ -1377,7 +1377,7 @@ CONFIG_ENABLE_MUST_CHECK=y # CONFIG_ENABLE_WARN_DEPRECATED is not set # CONFIG_ENA_ETHERNET is not set CONFIG_ENCLOSURE_SERVICES=y -CONFIG_ENCRYPTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=y CONFIG_ENERGY_MODEL=y CONFIG_ENIC=m CONFIG_EPIC100=m @@ -1390,7 +1390,10 @@ CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set -# CONFIG_EVM is not set +CONFIG_EVM_ATTR_FSUUID=y +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" +CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set CONFIG_EXPOLINE_AUTO=y @@ -1984,25 +1987,28 @@ CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 # CONFIG_IIO_TRIGGERED_EVENT is not set # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set -# CONFIG_IMA_APPRAISE_BOOTPARAM is not set -# CONFIG_IMA_APPRAISE is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set +CONFIG_IMA_APPRAISE=y # CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -3469,6 +3475,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config index faa9b8f67..32299ddfc 100644 --- a/kernel-x86_64-debug-fedora.config +++ b/kernel-x86_64-debug-fedora.config @@ -1715,7 +1715,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2448,9 +2451,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2460,6 +2464,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -2972,6 +2977,7 @@ CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set CONFIG_KASAN_VMALLOC=y # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y @@ -3048,7 +3054,6 @@ CONFIG_KS0108_PORT=0x378 # CONFIG_KS8842 is not set # CONFIG_KS8851 is not set # CONFIG_KS8851_MLL is not set -# CONFIG_KCSAN is not set CONFIG_KSM=y CONFIG_KSZ884X_PCI=m # CONFIG_KUNIT is not set @@ -4199,6 +4204,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 1ec3ea3d1..34311e715 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -1492,7 +1492,8 @@ CONFIG_ETHTOOL_NETLINK=y CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_ATTR_FSUUID=y -# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set @@ -2145,24 +2146,28 @@ CONFIG_IIO=m # CONFIG_IKHEADERS is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -2607,6 +2612,7 @@ CONFIG_KASAN_INLINE=y CONFIG_KASAN_VMALLOC=y CONFIG_KASAN=y # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y @@ -3667,6 +3673,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config index 66d486651..904a9f0a9 100644 --- a/kernel-x86_64-fedora.config +++ b/kernel-x86_64-fedora.config @@ -1706,7 +1706,10 @@ CONFIG_ETHERNET=y CONFIG_ETHOC=m CONFIG_ETHTOOL_NETLINK=y # CONFIG_EUROTECH_WDT is not set -# CONFIG_EVM is not set +# CONFIG_EVM_ADD_XATTRS is not set +CONFIG_EVM_ATTR_FSUUID=y +# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM=y CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" CONFIG_EXFAT_FS=m # CONFIG_EXPERT is not set @@ -2431,9 +2434,10 @@ CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set CONFIG_IMA_KEXEC=y @@ -2443,6 +2447,7 @@ CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set # CONFIG_IMA_TRUSTED_KEYRING is not set @@ -2955,6 +2960,7 @@ CONFIG_KARMA_PARTITION=y # CONFIG_KASAN is not set # CONFIG_KASAN_VMALLOC is not set # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 # CONFIG_KERNEL_BZIP2 is not set # CONFIG_KERNEL_GZIP is not set @@ -3029,7 +3035,6 @@ CONFIG_KS0108_PORT=0x378 # CONFIG_KS8842 is not set # CONFIG_KS8851 is not set # CONFIG_KS8851_MLL is not set -# CONFIG_KCSAN is not set CONFIG_KSM=y CONFIG_KSZ884X_PCI=m # CONFIG_KUNIT is not set @@ -4180,6 +4185,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index 31e2b4d88..90d473456 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -1484,7 +1484,8 @@ CONFIG_ETHTOOL_NETLINK=y CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_ATTR_FSUUID=y -# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set @@ -2129,24 +2130,28 @@ CONFIG_IIO=m # CONFIG_IKHEADERS is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -2590,6 +2595,7 @@ CONFIG_KARMA_PARTITION=y # CONFIG_KASAN_OUTLINE is not set # CONFIG_KASAN_VMALLOC is not set # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y @@ -3650,6 +3656,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y diff --git a/kernel.spec b/kernel.spec index 6ea2fd48d..1b69f8639 100755 --- a/kernel.spec +++ b/kernel.spec @@ -56,7 +56,7 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. %global released_kernel 0 -%global distro_build 0.rc7.20201209gita68a0262abda.95 +%global distro_build 0.rc7.20201211git33dc9614dc20.97 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -97,13 +97,13 @@ Summary: The Linux kernel %endif %define rpmversion 5.10.0 -%define pkgrelease 0.rc7.20201209gita68a0262abda.95 +%define pkgrelease 0.rc7.20201211git33dc9614dc20.97 # This is needed to do merge window version magic %define patchlevel 10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc7.20201209gita68a0262abda.95%{?buildid}%{?dist} +%define specrelease 0.rc7.20201211git33dc9614dc20.97%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -590,7 +590,7 @@ BuildRequires: asciidoc # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-20201209gita68a0262abda.tar.xz +Source0: linux-20201211git33dc9614dc20.tar.xz Source1: Makefile.rhelver @@ -1235,8 +1235,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-20201209gita68a0262abda -c -mv linux-20201209gita68a0262abda linux-%{KVERREL} +%setup -q -n kernel-20201211git33dc9614dc20 -c +mv linux-20201211git33dc9614dc20 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -2725,8 +2725,7 @@ fi # # %changelog -* Wed Dec 09 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc7.20201209gita68a0262abda.95] -- Temporarily backout parallel xz script ("Justin M. Forbes") +* Fri Dec 11 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc7.20201211git33dc9614dc20.97] - Remove cp instruction already handled in instruction below. ("Paulo E. Castro") - Add all the dependencies gleaned from running `make prepare` on a bloated devel kernel. ("Paulo E. Castro") - Add tools to path mangling script. ("Paulo E. Castro") @@ -2752,10 +2751,32 @@ fi - run_kabi-dw.sh: Fix syntax flagged by shellcheck (Ben Crocker) - mod-blacklist.sh: Fix syntax flagged by shellcheck (Ben Crocker) - scripts/configdiff.sh: Fix syntax flagged by shellcheck (Ben Crocker) -- self-test/0001-shellcheck.bats: check for shellcheck (Ben Crocker) -- self-test/1001-rpmlint.bats, 1003-rpminspect.bats (Ben Crocker) -- Makefile, Makefile.common, egit.sh, 1005-dist-dump-variables.bats (Ben Crocker) -- Add GIT macro to Makefile and Makefile.common: (Ben Crocker) + +* Fri Dec 11 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc7.20201211git33dc9614dc20.96] +- redhat: explicitly disable CONFIG_IMA_APPRAISE_SIGNED_INIT (Bruno Meneguele) +- redhat: enable CONFIG_EVM_LOAD_X509 on ARK (Bruno Meneguele) +- redhat: enable CONFIG_EVM_ATTR_FSUUID on ARK (Bruno Meneguele) +- redhat: enable CONFIG_EVM in all arches and flavors (Bruno Meneguele) +- redhat: enable CONFIG_IMA_LOAD_X509 on ARK (Bruno Meneguele) +- redhat: set CONFIG_IMA_DEFAULT_HASH to SHA256 (Bruno Meneguele) +- redhat: enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT (Bruno Meneguele) +- redhat: enable CONFIG_IMA_READ_POLICY on ARK (Bruno Meneguele) +- redhat: set default IMA template for all ARK arches (Bruno Meneguele) +- redhat: enable CONFIG_IMA_DEFAULT_HASH_SHA256 for all flavors (Bruno Meneguele) +- redhat: disable CONFIG_IMA_DEFAULT_HASH_SHA1 (Bruno Meneguele) +- redhat: enable CONFIG_IMA_ARCH_POLICY for ppc and x86 (Bruno Meneguele) +- redhat: enable CONFIG_IMA_APPRAISE_MODSIG (Bruno Meneguele) +- redhat: enable CONFIG_IMA_APPRAISE_BOOTPARAM (Bruno Meneguele) +- redhat: enable CONFIG_IMA_APPRAISE (Bruno Meneguele) +- redhat: enable CONFIG_INTEGRITY for aarch64 (Bruno Meneguele) +- Temporarily backout parallel xz script ("Justin M. Forbes") +- New configs in drivers/mfd (Fedora Kernel Team) +- New configs in drivers/mfd ("CKI@GitLab") +- New configs in drivers/firmware (Fedora Kernel Team) + +* Thu Dec 10 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc7.20201210gita2f5ea9e314b.95] +- kernel: Update some missing KASAN/KCSAN options (Jeremy Linton) +- kernel: Enable coresight on aarch64 (Jeremy Linton) * Wed Dec 09 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc7.20201209gita68a0262abda.94] - Update CONFIG_INET6_ESPINTCP (Justin Forbes) diff --git a/patch-5.10.0-redhat.patch b/patch-5.10.0-redhat.patch index a71a191bf..35420ab6f 100644 --- a/patch-5.10.0-redhat.patch +++ b/patch-5.10.0-redhat.patch @@ -2628,7 +2628,7 @@ index ab7eea01ab42..fff7c5f737fc 100644 int rmi_register_transport_device(struct rmi_transport_dev *xport); diff --git a/include/linux/security.h b/include/linux/security.h -index bc2725491560..079bea163ba1 100644 +index 39642626a707..17d55164b892 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -456,6 +456,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); @@ -1,3 +1,3 @@ -SHA512 (linux-20201209gita68a0262abda.tar.xz) = 7a47f8587a51db41dcbbb1f0db89744df69cdd7518a447c4674b3e1c14cd4bd171c48784b80eb16f0cb6b0cbfea92439daced287f10203c4763e5f2a0cef9824 -SHA512 (kernel-abi-whitelists-5.10.0-0.rc7.20201209gita68a0262abda.95.tar.bz2) = a6a4ac99cb5ecb69d0a193e27eb04e06647f216cde6f993e8683a33f52387e1549612f93607bf5be6a54eab88966dd0a36cbd871d3ac7ef050513cd37ea9878f -SHA512 (kernel-kabi-dw-5.10.0-0.rc7.20201209gita68a0262abda.95.tar.bz2) = f05e0ffedbe6945f6297019eb790042d0e6e70adae0fbe663c7e8b3a36c5db9c8d37de2ec326732960127a197979f70f568f8273b31cc8916b01fd6dcf35553e +SHA512 (linux-20201211git33dc9614dc20.tar.xz) = 8ba0768cb918ff27ae82ee4c9631e23cc21c23815d2c9d9c7e162cb0970842efb40c5692b4c2da4ac0c7784143a970201c3e7298fbf1dd688b50b2e6f7ef2387 +SHA512 (kernel-abi-whitelists-5.10.0-0.rc7.20201211git33dc9614dc20.97.tar.bz2) = 81318457d22867a416cfa744f5a04c859af0a79c7046f66dcc7a1f4b74deb5a64e1e7b2ef1b80ecd72f8377123ba57d9878228efa5caf8b191d98b1d4bb8d11b +SHA512 (kernel-kabi-dw-5.10.0-0.rc7.20201211git33dc9614dc20.97.tar.bz2) = 03f00c562085c0e6d6b3d8cd350e45bcb3301215572029520136af00a2c776dc8fe5354a6af9243cc4dbd414c39dd8ee93855dade3878eb49e8fa2fef57f310e |