From 01acffc31a2413bc0241894c9c6e0e846221e807 Mon Sep 17 00:00:00 2001
From: Peter Robinson
Date: Wed, 29 Jan 2020 13:15:29 +0000
Subject: ima: enable system extra cert to enable adding an extra cert without needing custom kernels
---
configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE | 2 +-
configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE | 1 +
kernel-aarch64-debug-fedora.config | 3 ++-
kernel-aarch64-fedora.config | 3 ++-
kernel-armv7hl-debug-fedora.config | 3 ++-
kernel-armv7hl-fedora.config | 3 ++-
kernel-armv7hl-lpae-debug-fedora.config | 3 ++-
kernel-armv7hl-lpae-fedora.config | 3 ++-
kernel-i686-debug-fedora.config | 3 ++-
kernel-i686-fedora.config | 3 ++-
kernel-ppc64le-debug-fedora.config | 3 ++-
kernel-ppc64le-fedora.config | 3 ++-
kernel-s390x-debug-fedora.config | 3 ++-
kernel-s390x-fedora.config | 3 ++-
kernel-x86_64-debug-fedora.config | 3 ++-
kernel-x86_64-fedora.config | 3 ++-
16 files changed, 30 insertions(+), 15 deletions(-)
create mode 100644 configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE
index fea571fdc..a831f7ab1 100644
--- a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE
+++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE
@@ -1 +1 @@
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
diff --git a/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
new file mode 100644
index 000000000..330619e5c
--- /dev/null
+++ b/configs/fedora/generic/CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE
@@ -0,0 +1 @@
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
diff --git a/kernel-aarch64-debug-fedora.config b/kernel-aarch64-debug-fedora.config
index 07f5648ca..e31327bdb 100644
--- a/kernel-aarch64-debug-fedora.config
+++ b/kernel-aarch64-debug-fedora.config
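Review bot: Setting `CONFIG_SYSTEM_EXTRA_CERTIFICATE=y` in configs/fedora/generic changes what every Fedora kernel image can be made to trust, yet neither the fragment nor the commit message records the trust model behind it. As the upstream Kconfig help describes it, the option reserves space in the image so a certificate can be introduced to the default system keyring without recompiling; presumably an image edited that way no longer matches its Secure Boot signature and has to be re-signed, which is worth stating for whoever relies on this for IMA. A one-line comment above the setting would cover it, for example `# Reserved slot for one post-build cert (scripts/insert-sys-cert); re-sign the image after inserting`. The new `CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096` fragment appears to repeat the upstream default, so a short comment saying why it is pinned (or whether 4096 bytes is enough for the certificates expected here) would help. The remaining hunks are the generated kernel-*.config files carrying the same two lines and need no separate change.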
@@ -6348,7 +6348,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYS_HYPERVISOR is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-aarch64-fedora.config b/kernel-aarch64-fedora.config
index f7df56d86..f1cba2aaf 100644
--- a/kernel-aarch64-fedora.config
+++ b/kernel-aarch64-fedora.config
@@ -6326,7 +6326,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYS_HYPERVISOR is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-armv7hl-debug-fedora.config b/kernel-armv7hl-debug-fedora.config
index 6d57de7ee..23297c058 100644
--- a/kernel-armv7hl-debug-fedora.config
+++ b/kernel-armv7hl-debug-fedora.config
@@ -6577,7 +6577,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-armv7hl-fedora.config b/kernel-armv7hl-fedora.config
index bb4f68341..4312e64d5 100644
--- a/kernel-armv7hl-fedora.config
+++ b/kernel-armv7hl-fedora.config
@@ -6556,7 +6556,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-armv7hl-lpae-debug-fedora.config b/kernel-armv7hl-lpae-debug-fedora.config
index ba386d108..148c87a45 100644
--- a/kernel-armv7hl-lpae-debug-fedora.config
+++ b/kernel-armv7hl-lpae-debug-fedora.config
@@ -6329,7 +6329,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYS_SUPPORTS_HUGETLBFS=y
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-armv7hl-lpae-fedora.config b/kernel-armv7hl-lpae-fedora.config
index e330ecfb9..db2718fe6 100644
--- a/kernel-armv7hl-lpae-fedora.config
+++ b/kernel-armv7hl-lpae-fedora.config
@@ -6308,7 +6308,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYS_SUPPORTS_HUGETLBFS=y
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-i686-debug-fedora.config b/kernel-i686-debug-fedora.config
index 3678de469..b5377cc1c 100644
--- a/kernel-i686-debug-fedora.config
+++ b/kernel-i686-debug-fedora.config
@@ -5722,7 +5722,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYSTEM76_ACPI=m
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-i686-fedora.config b/kernel-i686-fedora.config
index 9c8dfe5d7..57ecde102 100644
--- a/kernel-i686-fedora.config
+++ b/kernel-i686-fedora.config
@@ -5701,7 +5701,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYSTEM76_ACPI=m
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-ppc64le-debug-fedora.config b/kernel-ppc64le-debug-fedora.config
index e5a3b8194..b86a50b6c 100644
--- a/kernel-ppc64le-debug-fedora.config
+++ b/kernel-ppc64le-debug-fedora.config
@@ -5340,7 +5340,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-ppc64le-fedora.config b/kernel-ppc64le-fedora.config
index 9a6fe96ed..959591243 100644
--- a/kernel-ppc64le-fedora.config
+++ b/kernel-ppc64le-fedora.config
@@ -5317,7 +5317,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-s390x-debug-fedora.config b/kernel-s390x-debug-fedora.config
index a1bb4356e..59ffebfc0 100644
--- a/kernel-s390x-debug-fedora.config
+++ b/kernel-s390x-debug-fedora.config
@@ -5275,7 +5275,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-s390x-fedora.config b/kernel-s390x-fedora.config
index d472178f9..68f0d3b47 100644
--- a/kernel-s390x-fedora.config
+++ b/kernel-s390x-fedora.config
@@ -5252,7 +5252,8 @@ CONFIG_SYSCTL=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-x86_64-debug-fedora.config b/kernel-x86_64-debug-fedora.config
index 0e5eec2c1..0ac5c0ac5 100644
--- a/kernel-x86_64-debug-fedora.config
+++ b/kernel-x86_64-debug-fedora.config
@@ -5776,7 +5776,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYSTEM76_ACPI=m
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
diff --git a/kernel-x86_64-fedora.config b/kernel-x86_64-fedora.config
index 6779e9683..7a4a1fd8e 100644
--- a/kernel-x86_64-fedora.config
+++ b/kernel-x86_64-fedora.config
@@ -5755,7 +5755,8 @@ CONFIG_SYSCTL=y
 CONFIG_SYSTEM76_ACPI=m
 CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_SYSTEM_BLACKLIST_KEYRING=y
-# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
+CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 # CONFIG_SYSTEMPORT is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
-- cgit