diff options
Diffstat (limited to 'kernel-x86_64-debug-rhel.config')
| -rw-r--r-- | kernel-x86_64-debug-rhel.config | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index 1ec3ea3d1..34311e715 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -1492,7 +1492,8 @@ CONFIG_ETHTOOL_NETLINK=y CONFIG_EVENT_TRACING=y # CONFIG_EVM_ADD_XATTRS is not set CONFIG_EVM_ATTR_FSUUID=y -# CONFIG_EVM_LOAD_X509 is not set +CONFIG_EVM_LOAD_X509=y +CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" CONFIG_EVM=y # CONFIG_EXFAT_FS is not set # CONFIG_EXPERT is not set @@ -2145,24 +2146,28 @@ CONFIG_IIO=m # CONFIG_IKHEADERS is not set CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -# CONFIG_IMA_APPRAISE_MODSIG is not set +CONFIG_IMA_APPRAISE_MODSIG=y +# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set CONFIG_IMA_APPRAISE=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set -CONFIG_IMA_DEFAULT_HASH_SHA1=y -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_DEFAULT_HASH_SHA256=y # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set # CONFIG_IMA_KEXEC is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -# CONFIG_IMA_LOAD_X509 is not set +CONFIG_IMA_LOAD_X509=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SIG_TEMPLATE is not set +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y +CONFIG_IMA_SIG_TEMPLATE=y # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y # CONFIG_IMA_WRITE_POLICY is not set +CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_SC_WDT is not set @@ -2607,6 +2612,7 @@ CONFIG_KASAN_INLINE=y CONFIG_KASAN_VMALLOC=y CONFIG_KASAN=y # CONFIG_KCOV is not set +# CONFIG_KCSAN is not set CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_KDB_DEFAULT_ENABLE=0x0 CONFIG_KDB_KEYBOARD=y @@ -3667,6 +3673,7 @@ CONFIG_NFS_V3=m CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" # CONFIG_NFS_V4_1_MIGRATION is not set CONFIG_NFS_V4_1=y +# CONFIG_NFS_V4_2_READ_PLUS is not set CONFIG_NFS_V4_2=y CONFIG_NFS_V4=m CONFIG_NF_TABLES_ARP=y |