From bb540d20c6388d18e5977f14f35f96318be223e1 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 19 Feb 2018 10:40:39 -0800 Subject: Enable IMA (rhbz 790008) --- configs/fedora/generic/CONFIG_IMA | 2 +- configs/fedora/generic/CONFIG_IMA_APPRAISE | 1 + configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM | 1 + configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING | 1 + ...IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY | 1 + configs/fedora/generic/CONFIG_IMA_LOAD_X509 | 1 + configs/fedora/generic/CONFIG_IMA_READ_POLICY | 1 + configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING | 1 + configs/fedora/generic/CONFIG_IMA_WRITE_POLICY | 1 + configs/fedora/generic/CONFIG_INTEGRITY | 2 +- .../fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS | 1 + configs/fedora/generic/CONFIG_INTEGRITY_AUDIT | 1 + configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE | 1 + configs/fedora/generic/CONFIG_TCG_TIS | 2 +- configs/fedora/generic/CONFIG_TCG_TPM | 2 +- kernel-aarch64-debug.config | 19 +++++++++++++++---- kernel-aarch64.config | 19 +++++++++++++++---- kernel-armv7hl-debug.config | 19 +++++++++++++++---- kernel-armv7hl-lpae-debug.config | 19 +++++++++++++++---- kernel-armv7hl-lpae.config | 19 +++++++++++++++---- kernel-armv7hl.config | 19 +++++++++++++++---- kernel-i686-PAE.config | 19 +++++++++++++++---- kernel-i686-PAEdebug.config | 19 +++++++++++++++---- kernel-i686-debug.config | 19 +++++++++++++++---- kernel-i686.config | 19 +++++++++++++++---- kernel-ppc64-debug.config | 15 +++++++++++++-- kernel-ppc64.config | 15 +++++++++++++-- kernel-ppc64le-debug.config | 15 +++++++++++++-- kernel-ppc64le.config | 15 +++++++++++++-- kernel-s390x-debug.config | 19 +++++++++++++++---- kernel-s390x.config | 19 +++++++++++++++---- kernel-x86_64-debug.config | 19 +++++++++++++++---- kernel-x86_64.config | 19 +++++++++++++++---- kernel.spec | 3 +++ rebase-notes.txt | 3 +++ 35 files changed, 283 insertions(+), 68 deletions(-) create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM create mode 100644 configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY create mode 100644 configs/fedora/generic/CONFIG_IMA_LOAD_X509 create mode 100644 configs/fedora/generic/CONFIG_IMA_READ_POLICY create mode 100644 configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_WRITE_POLICY create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_AUDIT create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 83a06345b..752982bdd 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -# CONFIG_IMA is not set +CONFIG_IMA=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE new file mode 100644 index 000000000..da04fd67d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM new file mode 100644 index 000000000..000a58fb6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING new file mode 100644 index 000000000..5329626fb --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY new file mode 100644 index 000000000..08056234d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY @@ -0,0 +1 @@ +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 new file mode 100644 index 000000000..00d39701b --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 @@ -0,0 +1 @@ +# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY new file mode 100644 index 000000000..8f280d803 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_READ_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING new file mode 100644 index 000000000..d27057dad --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING @@ -0,0 +1 @@ +CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY new file mode 100644 index 000000000..e54ce85d7 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index 5dd074057..a3524cb6b 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS new file mode 100644 index 000000000..a1485b903 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS @@ -0,0 +1 @@ +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT new file mode 100644 index 000000000..09d5db2b6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT @@ -0,0 +1 @@ +CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE new file mode 100644 index 000000000..2d104809d --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE @@ -0,0 +1 @@ +CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index b119645b2..eb9a4ccac 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=m +CONFIG_TCG_TIS=y diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 8c2c3b86d..07d9499c1 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=m +CONFIG_TCG_TPM=y diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index a6ffc594a..023854fb8 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2203,9 +2203,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2325,7 +2333,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5679,12 +5690,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f7dd6976b..c48f5703a 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2185,9 +2185,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2307,7 +2315,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5655,12 +5666,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 31b5f3a2a..59f12cd97 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2328,9 +2328,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2469,7 +2477,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6148,12 +6159,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 815a6e652..47770a418 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2214,9 +2214,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2338,7 +2346,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5748,12 +5759,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index c098694be..5640a3557 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2196,9 +2196,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2320,7 +2328,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5724,12 +5735,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 74755df13..640802611 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2310,9 +2310,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2451,7 +2459,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6124,12 +6135,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index f229490b9..4e3b941a3 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 178a17e84..8472d4886 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 8d95bff0e..4d9582fb6 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686.config b/kernel-i686.config index bd88ced88..ef61f09ce 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 82d89af16..eb1ec4f35 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1960,9 +1960,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2076,7 +2084,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5121,11 +5132,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index 65be666c5..9ad2854ea 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1941,9 +1941,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2057,7 +2065,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5096,11 +5107,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 6beb468b0..6d64d5688 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1905,9 +1905,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2021,7 +2029,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5049,11 +5060,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 2ce40e324..46135f8d5 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1886,9 +1886,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2002,7 +2010,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5024,11 +5035,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 498a8baf6..37d0c7546 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1860,9 +1860,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1976,7 +1984,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4943,12 +4954,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-s390x.config b/kernel-s390x.config index 372982208..0044620f8 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1841,9 +1841,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1957,7 +1965,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4918,12 +4929,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 738e9f1aa..ec08afc9d 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2118,9 +2118,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2242,7 +2250,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5440,12 +5451,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 0b69252a2..953d0d99f 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2099,9 +2099,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2223,7 +2231,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5417,12 +5428,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel.spec b/kernel.spec index 38f5756dd..1f499bf82 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1872,6 +1872,9 @@ fi # # %changelog +* Mon Feb 19 2018 Laura Abbott +- Enable IMA (rhbz 790008) + * Mon Feb 19 2018 Jeremy Cline - 4.16.0-0.rc2.git0.1 - Linux v4.16-rc2 diff --git a/rebase-notes.txt b/rebase-notes.txt index 85e185c03..937c43e22 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,3 +1,6 @@ +Linux 4.16 rebase notes: +- Consider turning off all the IMA features? + Linux 4.15 rebase notes: - Disable power-management features enabled for F28+ -Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 -- cgit