From a344da7077566c43ffc3ea9b6f0fe5d7d69c8045 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 17 Jul 2019 11:09:36 +0100
Subject: IMA: change default hash from sha1 to sha256, the later is more
 secuure and hence should be the default

---
 kernel-x86_64.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'kernel-x86_64.config')

diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index c45a4ecc6..0be460e83 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2176,8 +2176,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-- 
cgit