From 9311d0121abc45953d53de794e926eeabb13af2d Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 17 Jul 2019 11:09:36 +0100
Subject: IMA: change default hash from sha1 to sha256, the later is more
 secuure and hence should be the default

---
 kernel-i686.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'kernel-i686.config')

diff --git a/kernel-i686.config b/kernel-i686.config
index 0143341ae..cccf51d7d 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2167,8 +2167,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-- 
cgit