From a344da7077566c43ffc3ea9b6f0fe5d7d69c8045 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 17 Jul 2019 11:09:36 +0100
Subject: IMA: change default hash from sha1 to sha256, the later is more
 secuure and hence should be the default

---
 kernel-aarch64.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'kernel-aarch64.config')

diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 9964d6d8a..51e461f6e 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2367,8 +2367,8 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-- 
cgit