From 89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 17 Jul 2019 11:09:36 +0100
Subject: IMA: change default hash from sha1 to sha256, the later is more
 secuure and hence should be the default

---
 configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1   | 2 +-
 configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 | 2 +-
 kernel-aarch64-debug.config                           | 4 ++--
 kernel-aarch64.config                                 | 4 ++--
 kernel-armv7hl-debug.config                           | 4 ++--
 kernel-armv7hl-lpae-debug.config                      | 4 ++--
 kernel-armv7hl-lpae.config                            | 4 ++--
 kernel-armv7hl.config                                 | 4 ++--
 kernel-i686-debug.config                              | 4 ++--
 kernel-i686.config                                    | 4 ++--
 kernel-ppc64le-debug.config                           | 4 ++--
 kernel-ppc64le.config                                 | 4 ++--
 kernel-s390x-debug.config                             | 4 ++--
 kernel-s390x.config                                   | 4 ++--
 kernel-x86_64-debug.config                            | 4 ++--
 kernel-x86_64.config                                  | 4 ++--
 16 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
index f1f433af9..b51889849 100644
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
@@ -1 +1 @@
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
diff --git a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256 b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
index 29bd8f86d..e627fd9e9 100644
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
@@ -1 +1 @@
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index f402b89fd..450a01b0e 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -2448,8 +2448,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 048499c40..4faef0199 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2432,8 +2432,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index bd543c222..0a5f43c7f 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -2482,8 +2482,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 8b31da262..31bee654e 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -2400,8 +2400,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index 3e3e73c08..71a48f38c 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -2385,8 +2385,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 00a1a8ebc..97e266b0a 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2467,8 +2467,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index b529cc042..e5fae92b8 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -2200,8 +2200,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686.config b/kernel-i686.config
index 5f81037fb..d4b369150 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2183,8 +2183,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index a119339c7..099f4f1dc 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -2006,8 +2006,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 3b32d3d73..dda118f4d 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1989,8 +1989,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index ed1400a80..f0ad5491f 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1984,8 +1984,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 5395aff4e..511c3a4ff 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1967,8 +1967,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 5d092904f..b5bb4a598 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2245,8 +2245,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 0aadcd337..44d238b32 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2228,8 +2228,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-- 
cgit