summaryrefslogtreecommitdiffstats
path: root/kernel-x86_64-rhel.config
diff options
context:
space:
mode:
Diffstat (limited to 'kernel-x86_64-rhel.config')
-rw-r--r--kernel-x86_64-rhel.config25
1 files changed, 16 insertions, 9 deletions
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index 31e2b4d88..90d473456 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -1484,7 +1484,8 @@ CONFIG_ETHTOOL_NETLINK=y
CONFIG_EVENT_TRACING=y
# CONFIG_EVM_ADD_XATTRS is not set
CONFIG_EVM_ATTR_FSUUID=y
-# CONFIG_EVM_LOAD_X509 is not set
+CONFIG_EVM_LOAD_X509=y
+CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
CONFIG_EVM=y
# CONFIG_EXFAT_FS is not set
# CONFIG_EXPERT is not set
@@ -2129,24 +2130,28 @@ CONFIG_IIO=m
# CONFIG_IKHEADERS is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
-# CONFIG_IMA_APPRAISE_MODSIG is not set
+CONFIG_IMA_APPRAISE_MODSIG=y
+# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
# CONFIG_IMA_BLACKLIST_KEYRING is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH="sha256"
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
# CONFIG_IMA_KEXEC is not set
# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
-# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_LOAD_X509=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-# CONFIG_IMA_READ_POLICY is not set
-# CONFIG_IMA_SIG_TEMPLATE is not set
+# CONFIG_IMA_NG_TEMPLATE is not set
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
+CONFIG_IMA_SIG_TEMPLATE=y
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_TRUSTED_KEYRING=y
# CONFIG_IMA_WRITE_POLICY is not set
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set
# CONFIG_IMX_SC_WDT is not set
@@ -2590,6 +2595,7 @@ CONFIG_KARMA_PARTITION=y
# CONFIG_KASAN_OUTLINE is not set
# CONFIG_KASAN_VMALLOC is not set
# CONFIG_KCOV is not set
+# CONFIG_KCSAN is not set
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
CONFIG_KDB_DEFAULT_ENABLE=0x0
CONFIG_KDB_KEYBOARD=y
@@ -3650,6 +3656,7 @@ CONFIG_NFS_V3=m
CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org"
# CONFIG_NFS_V4_1_MIGRATION is not set
CONFIG_NFS_V4_1=y
+# CONFIG_NFS_V4_2_READ_PLUS is not set
CONFIG_NFS_V4_2=y
CONFIG_NFS_V4=m
CONFIG_NF_TABLES_ARP=y