From 89207621e9e4a9abe5b30315ef9ac0b3a7e7efa0 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 17 Jul 2019 11:09:36 +0100
Subject: IMA: change default hash from sha1 to sha256, the later is more
 secuure and hence should be the default

---
 kernel-i686.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'kernel-i686.config')

diff --git a/kernel-i686.config b/kernel-i686.config
index 5f81037fb..d4b369150 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2183,8 +2183,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-- 
cgit