From bb540d20c6388d18e5977f14f35f96318be223e1 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 19 Feb 2018 10:40:39 -0800 Subject: Enable IMA (rhbz 790008) --- configs/fedora/generic/CONFIG_IMA | 2 +- configs/fedora/generic/CONFIG_IMA_APPRAISE | 1 + configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM | 1 + configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING | 1 + ...IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY | 1 + configs/fedora/generic/CONFIG_IMA_LOAD_X509 | 1 + configs/fedora/generic/CONFIG_IMA_READ_POLICY | 1 + configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING | 1 + configs/fedora/generic/CONFIG_IMA_WRITE_POLICY | 1 + configs/fedora/generic/CONFIG_INTEGRITY | 2 +- .../fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS | 1 + configs/fedora/generic/CONFIG_INTEGRITY_AUDIT | 1 + configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE | 1 + configs/fedora/generic/CONFIG_TCG_TIS | 2 +- configs/fedora/generic/CONFIG_TCG_TPM | 2 +- kernel-aarch64-debug.config | 19 +++++++++++++++---- kernel-aarch64.config | 19 +++++++++++++++---- kernel-armv7hl-debug.config | 19 +++++++++++++++---- kernel-armv7hl-lpae-debug.config | 19 +++++++++++++++---- kernel-armv7hl-lpae.config | 19 +++++++++++++++---- kernel-armv7hl.config | 19 +++++++++++++++---- kernel-i686-PAE.config | 19 +++++++++++++++---- kernel-i686-PAEdebug.config | 19 +++++++++++++++---- kernel-i686-debug.config | 19 +++++++++++++++---- kernel-i686.config | 19 +++++++++++++++---- kernel-ppc64-debug.config | 15 +++++++++++++-- kernel-ppc64.config | 15 +++++++++++++-- kernel-ppc64le-debug.config | 15 +++++++++++++-- kernel-ppc64le.config | 15 +++++++++++++-- kernel-s390x-debug.config | 19 +++++++++++++++---- kernel-s390x.config | 19 +++++++++++++++---- kernel-x86_64-debug.config | 19 +++++++++++++++---- kernel-x86_64.config | 19 +++++++++++++++---- kernel.spec | 3 +++ rebase-notes.txt | 3 +++ 35 files changed, 283 insertions(+), 68 deletions(-) create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM create mode 100644 configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY create mode 100644 configs/fedora/generic/CONFIG_IMA_LOAD_X509 create mode 100644 configs/fedora/generic/CONFIG_IMA_READ_POLICY create mode 100644 configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_WRITE_POLICY create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_AUDIT create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 83a06345b..752982bdd 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -# CONFIG_IMA is not set +CONFIG_IMA=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE new file mode 100644 index 000000000..da04fd67d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM new file mode 100644 index 000000000..000a58fb6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING new file mode 100644 index 000000000..5329626fb --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY new file mode 100644 index 000000000..08056234d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY @@ -0,0 +1 @@ +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 new file mode 100644 index 000000000..00d39701b --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 @@ -0,0 +1 @@ +# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY new file mode 100644 index 000000000..8f280d803 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_READ_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING new file mode 100644 index 000000000..d27057dad --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING @@ -0,0 +1 @@ +CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY new file mode 100644 index 000000000..e54ce85d7 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index 5dd074057..a3524cb6b 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS new file mode 100644 index 000000000..a1485b903 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS @@ -0,0 +1 @@ +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT new file mode 100644 index 000000000..09d5db2b6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT @@ -0,0 +1 @@ +CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE new file mode 100644 index 000000000..2d104809d --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE @@ -0,0 +1 @@ +CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index b119645b2..eb9a4ccac 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=m +CONFIG_TCG_TIS=y diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 8c2c3b86d..07d9499c1 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=m +CONFIG_TCG_TPM=y diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index a6ffc594a..023854fb8 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2203,9 +2203,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2325,7 +2333,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5679,12 +5690,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-aarch64.config b/kernel-aarch64.config index f7dd6976b..c48f5703a 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2185,9 +2185,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2307,7 +2315,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5655,12 +5666,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 31b5f3a2a..59f12cd97 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2328,9 +2328,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2469,7 +2477,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6148,12 +6159,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 815a6e652..47770a418 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2214,9 +2214,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2338,7 +2346,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5748,12 +5759,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index c098694be..5640a3557 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2196,9 +2196,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMX_IPUV3_CORE is not set # CONFIG_INA2XX_ADC is not set @@ -2320,7 +2328,10 @@ CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5724,12 +5735,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 74755df13..640802611 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2310,9 +2310,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set CONFIG_IMX2_WDT=m CONFIG_IMX7D_ADC=m @@ -2451,7 +2459,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -6124,12 +6135,12 @@ CONFIG_TCG_NSC=m CONFIG_TCG_TIS_I2C_ATMEL=m CONFIG_TCG_TIS_I2C_INFINEON=m # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index f229490b9..4e3b941a3 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 178a17e84..8472d4886 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 8d95bff0e..4d9582fb6 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2071,9 +2071,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2191,7 +2199,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5350,12 +5361,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-i686.config b/kernel-i686.config index bd88ced88..ef61f09ce 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2052,9 +2052,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2172,7 +2180,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5327,12 +5338,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 82d89af16..eb1ec4f35 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -1960,9 +1960,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2076,7 +2084,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5121,11 +5132,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index 65be666c5..9ad2854ea 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -1941,9 +1941,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2057,7 +2065,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5096,11 +5107,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 6beb468b0..6d64d5688 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1905,9 +1905,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2021,7 +2029,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5049,11 +5060,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 2ce40e324..46135f8d5 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1886,9 +1886,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2002,7 +2010,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -5024,11 +5035,11 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set +CONFIG_TCG_TIS=y # CONFIG_TCG_TPM is not set # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index 498a8baf6..37d0c7546 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1860,9 +1860,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1976,7 +1984,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4943,12 +4954,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-s390x.config b/kernel-s390x.config index 372982208..0044620f8 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1841,9 +1841,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -1957,7 +1965,10 @@ CONFIG_INPUT_WISTRON_BTNS=m CONFIG_INPUT_WM831X_ON=m CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_IDMA64 is not set CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m # CONFIG_INTEL_SOC_PMIC is not set @@ -4918,12 +4929,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 738e9f1aa..ec08afc9d 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2118,9 +2118,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2242,7 +2250,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5440,12 +5451,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 0b69252a2..953d0d99f 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2099,9 +2099,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y # CONFIG_IKCONFIG is not set -# CONFIG_IMA is not set +CONFIG_IMA_APPRAISE_BOOTPARAM=y +CONFIG_IMA_APPRAISE=y +# CONFIG_IMA_BLACKLIST_KEYRING is not set +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y +# CONFIG_IMA_LOAD_X509 is not set CONFIG_IMA_LSM_RULES=y CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_READ_POLICY=y +CONFIG_IMA_TRUSTED_KEYRING=y +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA=y # CONFIG_IMG_ASCII_LCD is not set # CONFIG_INA2XX_ADC is not set CONFIG_INET6_AH=m @@ -2223,7 +2231,10 @@ CONFIG_INPUT=y CONFIG_INPUT_YEALINK=m CONFIG_INT3406_THERMAL=m CONFIG_INT340X_THERMAL=m -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY=y # CONFIG_INTEL_ATOMISP is not set CONFIG_INTEL_BXT_PMIC_THERMAL=m CONFIG_INTEL_CHTDC_TI_PWRBTN=m @@ -5417,12 +5428,12 @@ CONFIG_TCG_NSC=m # CONFIG_TCG_TIS_I2C_ATMEL is not set # CONFIG_TCG_TIS_I2C_INFINEON is not set # CONFIG_TCG_TIS_I2C_NUVOTON is not set -CONFIG_TCG_TIS=m # CONFIG_TCG_TIS_SPI is not set # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24 is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set -CONFIG_TCG_TPM=m +CONFIG_TCG_TIS=y +CONFIG_TCG_TPM=y # CONFIG_TCG_VTPM_PROXY is not set # CONFIG_TCG_XEN is not set CONFIG_TCM_FC=m diff --git a/kernel.spec b/kernel.spec index 38f5756dd..1f499bf82 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1872,6 +1872,9 @@ fi # # %changelog +* Mon Feb 19 2018 Laura Abbott +- Enable IMA (rhbz 790008) + * Mon Feb 19 2018 Jeremy Cline - 4.16.0-0.rc2.git0.1 - Linux v4.16-rc2 diff --git a/rebase-notes.txt b/rebase-notes.txt index 85e185c03..937c43e22 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,3 +1,6 @@ +Linux 4.16 rebase notes: +- Consider turning off all the IMA features? + Linux 4.15 rebase notes: - Disable power-management features enabled for F28+ -Set CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 -- cgit From e33877912b915f4d52597a5c346c48547e17c0bb Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 19 Feb 2018 17:21:49 -0600 Subject: Add kernel-tools reminder for rc script --- scripts/rawhide-rc.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/rawhide-rc.sh b/scripts/rawhide-rc.sh index 40f32a8fe..ba8b467b2 100755 --- a/scripts/rawhide-rc.sh +++ b/scripts/rawhide-rc.sh @@ -45,3 +45,5 @@ perl -p -i -e 's|%define gitrev.*|%define gitrev 0|' kernel.spec perl -p -i -e 's|%global baserelease.*|%global baserelease 0|' kernel.spec rpmdev-bumpspec -c "Linux v4.$BASE-rc$RC" kernel.spec + +echo "Don't forget to bump kernel-tools" -- cgit From cf8332750da9f4bcfdba867e4a5cc5b24cf7573d Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Tue, 20 Feb 2018 11:13:12 -0500 Subject: Linux v4.16-rc2-62-g79c0ef3e85c0 --- gitrev | 2 +- kernel.spec | 13 +++++++++---- sources | 1 + 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/gitrev b/gitrev index cd03a3884..62e1aaaaa 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -1388c80438e69fc01d83fbe98da3cac24c3c8731 +79c0ef3e85c015b0921a8fd5dd539d1480e9cd6c diff --git a/kernel.spec b/kernel.spec index 1f499bf82..357b1c944 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 2 # The git snapshot level -%define gitrev 0 +%define gitrev 1 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -124,7 +124,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 1 +%define debugbuildsenabled 0 %if %{with_verbose} %define make_opts V=1 @@ -1522,7 +1522,7 @@ BuildKernel() { find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -exec rm -f {} \; # build a BLS config for this kernel - ./generate_bls_conf.sh "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" + %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" } ### @@ -1834,7 +1834,7 @@ fi /lib/modules/%{KVERREL}%{?3:+%{3}}/build\ /lib/modules/%{KVERREL}%{?3:+%{3}}/source\ /lib/modules/%{KVERREL}%{?3:+%{3}}/updates\ -/lib/modules/%{KVERREL}%{?2:+%{2}}/bls.conf\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/bls.conf\ %if %{1}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ /etc/ld.so.conf.d/kernel-%{KVERREL}%{?3:+%{3}}.conf\ @@ -1872,6 +1872,11 @@ fi # # %changelog +* Tue Feb 20 2018 Jeremy Cline - 4.16.0-0.rc2.git1.1 +- Linux v4.16-rc2-62-g79c0ef3e85c0 +- Reenable debugging options +- Fix build problems with BLS + * Mon Feb 19 2018 Laura Abbott - Enable IMA (rhbz 790008) diff --git a/sources b/sources index 40e49f92f..b79821886 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (linux-4.15.tar.xz) = c00d92659df815a53dcac7dde145b742b1f20867d380c07cb09ddb3295d6ff10f8931b21ef0b09d7156923a3957b39d74d87c883300173b2e20690d2b4ec35ea SHA512 (patch-4.16-rc2.xz) = 3b72039fee7a481ed6a491a5795b9f1184c8fb4597a96332b513856f82a4410bbffa5bf61b59ec7b6ed4f789b22027d3f20d91b024b9fd3afbbd9ff56499cb8e +SHA512 (patch-4.16-rc2-git1.xz) = b23653b0deaa753447e98b871e036e2d8af3bd31e42ccfc6c511a3f9b9664d698cb7832497bbaab33521cb3bd48f9bba4a2ff5f458ced50794c876687b8e3b4e -- cgit