diff options
35 files changed, 69 insertions, 280 deletions
diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 752982bdd..83a06345b 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -CONFIG_IMA=y +# CONFIG_IMA is not set diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE deleted file mode 100644 index da04fd67d..000000000 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM deleted file mode 100644 index 000a58fb6..000000000 --- a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING deleted file mode 100644 index 5329626fb..000000000 --- a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY deleted file mode 100644 index 08056234d..000000000 --- a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 deleted file mode 100644 index 00d39701b..000000000 --- a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY deleted file mode 100644 index 8f280d803..000000000 --- a/configs/fedora/generic/CONFIG_IMA_READ_POLICY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING deleted file mode 100644 index d27057dad..000000000 --- a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY deleted file mode 100644 index e54ce85d7..000000000 --- a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY +++ /dev/null @@ -1 +0,0 @@ -CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index a3524cb6b..5dd074057 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS deleted file mode 100644 index a1485b903..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT deleted file mode 100644 index 09d5db2b6..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE deleted file mode 100644 index 2d104809d..000000000 --- a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index eb9a4ccac..b119645b2 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=y +CONFIG_TCG_TIS=m diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 07d9499c1..8c2c3b86d 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index e2c0ad429..c374cf75d 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2205,17 +2205,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2335,10 +2327,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5692,12 +5681,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f241c8b02..52fac6573 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2187,17 +2187,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2317,10 +2309,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5668,12 +5657,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 06be2a125..629a557f6 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2329,17 +2329,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2478,10 +2470,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6161,12 +6150,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 62269a667..fba8d9eb9 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2215,17 +2215,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2347,10 +2339,7 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5760,12 +5749,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index e3af01fce..7937d0aab 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2197,17 +2197,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2329,10 +2321,7 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5736,12 +5725,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 105731a57..d088a96b5 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2311,17 +2311,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2460,10 +2452,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6137,12 +6126,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index 7add60bd6..33ba37169 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2052,17 +2052,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2180,10 +2172,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5338,12 +5327,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 41689a39e..6f233be72 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2071,17 +2071,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2199,10 +2191,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5361,12 +5350,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index abfac8c54..4110eac33 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2071,17 +2071,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2199,10 +2191,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5361,12 +5350,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686.config b/kernel-i686.config index e2b0ac96c..b27e37c6c 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2052,17 +2052,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2180,10 +2172,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5338,12 +5327,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 3289affb3..68ea3984b 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1960,17 +1960,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2084,10 +2076,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5132,11 +5121,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index f211e4b89..f40057455 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1941,17 +1941,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2065,10 +2057,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5107,11 +5096,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 59b3e81bc..a1638aaeb 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1905,17 +1905,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2029,10 +2021,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5060,11 +5049,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 93ed61ad6..b29251361 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1886,17 +1886,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2010,10 +2002,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5035,11 +5024,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index c05b3c585..d10cbe38b 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1860,17 +1860,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1984,10 +1976,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4954,12 +4943,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-s390x.config b/kernel-s390x.config index 21eafc9b8..d914c23c0 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1841,17 +1841,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1965,10 +1957,7 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4929,12 +4918,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 0b83aa306..9f2bcacc1 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2118,17 +2118,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2250,10 +2242,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5452,12 +5441,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 2b62f36a1..ddd640e07 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2099,17 +2099,9 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y -# CONFIG_IMA_LOAD_X509 is not set +# CONFIG_IMA is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_TRUSTED_KEYRING=y -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2231,10 +2223,7 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY is not set # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5429,12 +5418,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set +CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TIS=y -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel.spec b/kernel.spec index 3f6695476..9708b55f1 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1873,6 +1873,7 @@ fi %changelog * Mon Mar 12 2018 Jeremy Cline <jeremy@jcline.org> - 4.16.0-0.rc5.git0.1 - Linux v4.16-rc5 +- Disable IMA (rhbz 790008) * Mon Mar 12 2018 Jeremy Cline <jeremy@jcline.org> - Disable debugging options. diff --git a/rebase-notes.txt b/rebase-notes.txt index 937c43e22..85e185c03 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,6 +1,3 @@ -Linux 4.16 rebase notes: -- Consider turning off all the IMA features? - Linux 4.15 rebase notes: - Disable power-management features enabled for F28+ -Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 |