From bb540d20c6388d18e5977f14f35f96318be223e1 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Mon, 19 Feb 2018 10:40:39 -0800 Subject: Enable IMA (rhbz 790008) --- configs/fedora/generic/CONFIG_IMA | 2 +- configs/fedora/generic/CONFIG_IMA_APPRAISE | 1 + configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM | 1 + configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING | 1 + .../generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY | 1 + configs/fedora/generic/CONFIG_IMA_LOAD_X509 | 1 + configs/fedora/generic/CONFIG_IMA_READ_POLICY | 1 + configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING | 1 + configs/fedora/generic/CONFIG_IMA_WRITE_POLICY | 1 + configs/fedora/generic/CONFIG_INTEGRITY | 2 +- configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS | 1 + configs/fedora/generic/CONFIG_INTEGRITY_AUDIT | 1 + configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE | 1 + configs/fedora/generic/CONFIG_TCG_TIS | 2 +- configs/fedora/generic/CONFIG_TCG_TPM | 2 +- 15 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE create mode 100644 configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM create mode 100644 configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY create mode 100644 configs/fedora/generic/CONFIG_IMA_LOAD_X509 create mode 100644 configs/fedora/generic/CONFIG_IMA_READ_POLICY create mode 100644 configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING create mode 100644 configs/fedora/generic/CONFIG_IMA_WRITE_POLICY create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_AUDIT create mode 100644 configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE (limited to 'configs/fedora/generic') diff --git a/configs/fedora/generic/CONFIG_IMA b/configs/fedora/generic/CONFIG_IMA index 83a06345b..752982bdd 100644 --- a/configs/fedora/generic/CONFIG_IMA +++ b/configs/fedora/generic/CONFIG_IMA @@ -1 +1 @@ -# CONFIG_IMA is not set +CONFIG_IMA=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE b/configs/fedora/generic/CONFIG_IMA_APPRAISE new file mode 100644 index 000000000..da04fd67d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE=y diff --git a/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM new file mode 100644 index 000000000..000a58fb6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_APPRAISE_BOOTPARAM @@ -0,0 +1 @@ +CONFIG_IMA_APPRAISE_BOOTPARAM=y diff --git a/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING new file mode 100644 index 000000000..5329626fb --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_BLACKLIST_KEYRING @@ -0,0 +1 @@ +# CONFIG_IMA_BLACKLIST_KEYRING is not set diff --git a/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY new file mode 100644 index 000000000..08056234d --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY @@ -0,0 +1 @@ +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y diff --git a/configs/fedora/generic/CONFIG_IMA_LOAD_X509 b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 new file mode 100644 index 000000000..00d39701b --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_LOAD_X509 @@ -0,0 +1 @@ +# CONFIG_IMA_LOAD_X509 is not set diff --git a/configs/fedora/generic/CONFIG_IMA_READ_POLICY b/configs/fedora/generic/CONFIG_IMA_READ_POLICY new file mode 100644 index 000000000..8f280d803 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_READ_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_READ_POLICY=y diff --git a/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING new file mode 100644 index 000000000..d27057dad --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_TRUSTED_KEYRING @@ -0,0 +1 @@ +CONFIG_IMA_TRUSTED_KEYRING=y diff --git a/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY new file mode 100644 index 000000000..e54ce85d7 --- /dev/null +++ b/configs/fedora/generic/CONFIG_IMA_WRITE_POLICY @@ -0,0 +1 @@ +CONFIG_IMA_WRITE_POLICY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY b/configs/fedora/generic/CONFIG_INTEGRITY index 5dd074057..a3524cb6b 100644 --- a/configs/fedora/generic/CONFIG_INTEGRITY +++ b/configs/fedora/generic/CONFIG_INTEGRITY @@ -1 +1 @@ -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS new file mode 100644 index 000000000..a1485b903 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_ASYMMETRIC_KEYS @@ -0,0 +1 @@ +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT new file mode 100644 index 000000000..09d5db2b6 --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_AUDIT @@ -0,0 +1 @@ +CONFIG_INTEGRITY_AUDIT=y diff --git a/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE new file mode 100644 index 000000000..2d104809d --- /dev/null +++ b/configs/fedora/generic/CONFIG_INTEGRITY_SIGNATURE @@ -0,0 +1 @@ +CONFIG_INTEGRITY_SIGNATURE=y diff --git a/configs/fedora/generic/CONFIG_TCG_TIS b/configs/fedora/generic/CONFIG_TCG_TIS index b119645b2..eb9a4ccac 100644 --- a/configs/fedora/generic/CONFIG_TCG_TIS +++ b/configs/fedora/generic/CONFIG_TCG_TIS @@ -1 +1 @@ -CONFIG_TCG_TIS=m +CONFIG_TCG_TIS=y diff --git a/configs/fedora/generic/CONFIG_TCG_TPM b/configs/fedora/generic/CONFIG_TCG_TPM index 8c2c3b86d..07d9499c1 100644 --- a/configs/fedora/generic/CONFIG_TCG_TPM +++ b/configs/fedora/generic/CONFIG_TCG_TPM @@ -1 +1 @@ -CONFIG_TCG_TPM=m +CONFIG_TCG_TPM=y -- cgit