From bb540d20c6388d18e5977f14f35f96318be223e1 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Mon, 19 Feb 2018 10:40:39 -0800
Subject: Enable IMA (rhbz 790008)

---
 kernel-x86_64-debug.config | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'kernel-x86_64-debug.config')

diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 738e9f1aa..ec08afc9d 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2118,9 +2118,17 @@ CONFIG_IIO_TIGHTLOOP_TRIGGER=m
 CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
-# CONFIG_IMA is not set
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_APPRAISE=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+# CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
 # CONFIG_IMG_ASCII_LCD is not set
 # CONFIG_INA2XX_ADC is not set
 CONFIG_INET6_AH=m
@@ -2242,7 +2250,10 @@ CONFIG_INPUT=y
 CONFIG_INPUT_YEALINK=m
 CONFIG_INT3406_THERMAL=m
 CONFIG_INT340X_THERMAL=m
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_AUDIT=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY=y
 # CONFIG_INTEL_ATOMISP is not set
 CONFIG_INTEL_BXT_PMIC_THERMAL=m
 CONFIG_INTEL_CHTDC_TI_PWRBTN=m
@@ -5440,12 +5451,12 @@ CONFIG_TCG_NSC=m
 # CONFIG_TCG_TIS_I2C_ATMEL is not set
 # CONFIG_TCG_TIS_I2C_INFINEON is not set
 # CONFIG_TCG_TIS_I2C_NUVOTON is not set
-CONFIG_TCG_TIS=m
 # CONFIG_TCG_TIS_SPI is not set
 # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TCG_TIS_ST33ZP24 is not set
 # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
-CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TPM=y
 # CONFIG_TCG_VTPM_PROXY is not set
 # CONFIG_TCG_XEN is not set
 CONFIG_TCM_FC=m
-- 
cgit