kernel: Enable IMA for 4.14.x and 4.15.x
Enable the Integrity Measurement Architecture (IMA) for 4.14.x and 4.15.x kernels. This pretty much uses the defaults except we also enable INTEGRITY_ASYMMETRIC_KEYS and IMA_READ_POLICY. The latter may be useful for debugging.

For s390x we also needed to enable TPM support.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
parent
b218449d73
commit
48251e8bcf
@ -4032,7 +4032,7 @@ CONFIG_STRICT_DEVMEM=y
|
|||||||
CONFIG_KEYS=y
|
CONFIG_KEYS=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
CONFIG_TRUSTED_KEYS=m
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -4055,10 +4055,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -4315,6 +4331,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_LIBFDT=y
|
CONFIG_LIBFDT=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
CONFIG_UCS2_STRING=y
|
CONFIG_UCS2_STRING=y
|
||||||
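Review bot: `CONFIG_IMA_APPRAISE_BOOTPARAM=y` leaves the appraisal mode selectable from the kernel command line through `ima_appraise=`, so anyone who can edit the boot arguments can move appraisal out of enforcing mode. For images where the command line is not itself protected or measured, `# CONFIG_IMA_APPRAISE_BOOTPARAM is not set` is the safer setting; if the option is kept for bring-up, the commit message should say so next to the IMA_READ_POLICY remark. The new side also shows no `CONFIG_INTEGRITY_TRUSTED_KEYRING` line after `CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y`, which presumably means keys added to the IMA keyring are not required to chain to a built-in trusted key; that is worth confirming. The same settings repeat in the other five config sections on this page.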
|
@ -1874,12 +1874,18 @@ CONFIG_VIRTIO_CONSOLE=y
|
|||||||
CONFIG_HW_RANDOM=y
|
CONFIG_HW_RANDOM=y
|
||||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||||
CONFIG_HW_RANDOM_VIRTIO=y
|
CONFIG_HW_RANDOM_VIRTIO=y
|
||||||
|
CONFIG_HW_RANDOM_TPM=y
|
||||||
CONFIG_HW_RANDOM_S390=y
|
CONFIG_HW_RANDOM_S390=y
|
||||||
# CONFIG_R3964 is not set
|
# CONFIG_R3964 is not set
|
||||||
# CONFIG_APPLICOM is not set
|
# CONFIG_APPLICOM is not set
|
||||||
# CONFIG_RAW_DRIVER is not set
|
# CONFIG_RAW_DRIVER is not set
|
||||||
# CONFIG_HANGCHECK_TIMER is not set
|
# CONFIG_HANGCHECK_TIMER is not set
|
||||||
# CONFIG_TCG_TPM is not set
|
CONFIG_TCG_TPM=y
|
||||||
|
# CONFIG_TCG_TIS_I2C_ATMEL is not set
|
||||||
|
# CONFIG_TCG_TIS_I2C_INFINEON is not set
|
||||||
|
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
|
||||||
|
# CONFIG_TCG_VTPM_PROXY is not set
|
||||||
|
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
|
||||||
CONFIG_DEVPORT=y
|
CONFIG_DEVPORT=y
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -3039,6 +3045,7 @@ CONFIG_KEYS=y
|
|||||||
CONFIG_KEYS_COMPAT=y
|
CONFIG_KEYS_COMPAT=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -3060,10 +3067,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -3299,6 +3322,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
# CONFIG_SG_SPLIT is not set
|
# CONFIG_SG_SPLIT is not set
|
||||||
CONFIG_SG_POOL=y
|
CONFIG_SG_POOL=y
|
||||||
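Review bot: `CONFIG_TCG_TPM=y` is switched on in this section, yet every TPM interface driver visible in the hunk (`TCG_TIS_I2C_ATMEL`, `TCG_TIS_I2C_INFINEON`, `TCG_TIS_I2C_NUVOTON`, `TCG_VTPM_PROXY`, `TCG_TIS_ST33ZP24_I2C`) stays unset, so as far as the hunk shows the kernel gets the TPM core but no chip driver. In that case IMA would keep its measurement list in memory without extending the PCR named by `CONFIG_IMA_MEASURE_PCR_IDX=10`, and the list could not be checked against hardware. The commit message should state this, e.g. `On s390x no TPM driver is built, so IMA measurements are not anchored in a TPM.` The later section containing `CONFIG_HW_RANDOM_S390=y` has the same combination.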
|
@ -2219,9 +2219,9 @@ CONFIG_HPET=y
|
|||||||
CONFIG_HPET_MMAP=y
|
CONFIG_HPET_MMAP=y
|
||||||
CONFIG_HPET_MMAP_DEFAULT=y
|
CONFIG_HPET_MMAP_DEFAULT=y
|
||||||
CONFIG_HANGCHECK_TIMER=y
|
CONFIG_HANGCHECK_TIMER=y
|
||||||
CONFIG_TCG_TPM=m
|
CONFIG_TCG_TPM=y
|
||||||
CONFIG_TCG_TIS_CORE=m
|
CONFIG_TCG_TIS_CORE=y
|
||||||
CONFIG_TCG_TIS=m
|
CONFIG_TCG_TIS=y
|
||||||
CONFIG_TCG_TIS_I2C_ATMEL=m
|
CONFIG_TCG_TIS_I2C_ATMEL=m
|
||||||
CONFIG_TCG_TIS_I2C_INFINEON=m
|
CONFIG_TCG_TIS_I2C_INFINEON=m
|
||||||
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
||||||
@ -3850,7 +3850,7 @@ CONFIG_KEYS=y
|
|||||||
CONFIG_KEYS_COMPAT=y
|
CONFIG_KEYS_COMPAT=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
CONFIG_TRUSTED_KEYS=m
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -3874,10 +3874,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -4176,6 +4192,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
CONFIG_UCS2_STRING=y
|
CONFIG_UCS2_STRING=y
|
||||||
CONFIG_FONT_SUPPORT=y
|
CONFIG_FONT_SUPPORT=y
|
||||||
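Review bot: Only `CONFIG_TCG_TPM`, `CONFIG_TCG_TIS_CORE` and `CONFIG_TCG_TIS` move from `m` to `y`; the I2C TPM drivers in the same hunk stay `=m`. IMA looks for a TPM during kernel initialisation, so a TPM reachable only through a modular driver would presumably be registered too late, and IMA would run without extending PCR 10. If only TIS-attached TPMs are meant to be supported, a line in the commit message such as `Only TIS TPMs are built in; TPMs behind modular drivers are not used by IMA.` would record that; otherwise the needed drivers should also be `=y`. The same applies to the later section with the `CONFIG_HPET` hunk.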
|
@ -4076,7 +4076,7 @@ CONFIG_STRICT_DEVMEM=y
|
|||||||
CONFIG_KEYS=y
|
CONFIG_KEYS=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
CONFIG_TRUSTED_KEYS=m
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -4099,10 +4099,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -4359,6 +4375,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_LIBFDT=y
|
CONFIG_LIBFDT=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
CONFIG_UCS2_STRING=y
|
CONFIG_UCS2_STRING=y
|
||||||
|
@ -1895,12 +1895,18 @@ CONFIG_VIRTIO_CONSOLE=y
|
|||||||
CONFIG_HW_RANDOM=y
|
CONFIG_HW_RANDOM=y
|
||||||
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
|
||||||
CONFIG_HW_RANDOM_VIRTIO=y
|
CONFIG_HW_RANDOM_VIRTIO=y
|
||||||
|
CONFIG_HW_RANDOM_TPM=y
|
||||||
CONFIG_HW_RANDOM_S390=y
|
CONFIG_HW_RANDOM_S390=y
|
||||||
# CONFIG_R3964 is not set
|
# CONFIG_R3964 is not set
|
||||||
# CONFIG_APPLICOM is not set
|
# CONFIG_APPLICOM is not set
|
||||||
# CONFIG_RAW_DRIVER is not set
|
# CONFIG_RAW_DRIVER is not set
|
||||||
# CONFIG_HANGCHECK_TIMER is not set
|
# CONFIG_HANGCHECK_TIMER is not set
|
||||||
# CONFIG_TCG_TPM is not set
|
CONFIG_TCG_TPM=y
|
||||||
|
# CONFIG_TCG_TIS_I2C_ATMEL is not set
|
||||||
|
# CONFIG_TCG_TIS_I2C_INFINEON is not set
|
||||||
|
# CONFIG_TCG_TIS_I2C_NUVOTON is not set
|
||||||
|
# CONFIG_TCG_VTPM_PROXY is not set
|
||||||
|
# CONFIG_TCG_TIS_ST33ZP24_I2C is not set
|
||||||
CONFIG_DEVPORT=y
|
CONFIG_DEVPORT=y
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -3076,6 +3082,7 @@ CONFIG_KEYS=y
|
|||||||
CONFIG_KEYS_COMPAT=y
|
CONFIG_KEYS_COMPAT=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -3098,10 +3105,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -3337,6 +3360,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
# CONFIG_SG_SPLIT is not set
|
# CONFIG_SG_SPLIT is not set
|
||||||
CONFIG_SG_POOL=y
|
CONFIG_SG_POOL=y
|
||||||
|
@ -2232,9 +2232,9 @@ CONFIG_HPET=y
|
|||||||
CONFIG_HPET_MMAP=y
|
CONFIG_HPET_MMAP=y
|
||||||
CONFIG_HPET_MMAP_DEFAULT=y
|
CONFIG_HPET_MMAP_DEFAULT=y
|
||||||
CONFIG_HANGCHECK_TIMER=y
|
CONFIG_HANGCHECK_TIMER=y
|
||||||
CONFIG_TCG_TPM=m
|
CONFIG_TCG_TPM=y
|
||||||
CONFIG_TCG_TIS_CORE=m
|
CONFIG_TCG_TIS_CORE=y
|
||||||
CONFIG_TCG_TIS=m
|
CONFIG_TCG_TIS=y
|
||||||
CONFIG_TCG_TIS_I2C_ATMEL=m
|
CONFIG_TCG_TIS_I2C_ATMEL=m
|
||||||
CONFIG_TCG_TIS_I2C_INFINEON=m
|
CONFIG_TCG_TIS_I2C_INFINEON=m
|
||||||
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
||||||
@ -3879,7 +3879,7 @@ CONFIG_KEYS=y
|
|||||||
CONFIG_KEYS_COMPAT=y
|
CONFIG_KEYS_COMPAT=y
|
||||||
CONFIG_PERSISTENT_KEYRINGS=y
|
CONFIG_PERSISTENT_KEYRINGS=y
|
||||||
CONFIG_BIG_KEYS=y
|
CONFIG_BIG_KEYS=y
|
||||||
CONFIG_TRUSTED_KEYS=m
|
CONFIG_TRUSTED_KEYS=y
|
||||||
CONFIG_ENCRYPTED_KEYS=y
|
CONFIG_ENCRYPTED_KEYS=y
|
||||||
CONFIG_KEY_DH_OPERATIONS=y
|
CONFIG_KEY_DH_OPERATIONS=y
|
||||||
CONFIG_SECURITY_DMESG_RESTRICT=y
|
CONFIG_SECURITY_DMESG_RESTRICT=y
|
||||||
@ -3903,10 +3903,26 @@ CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
|
|||||||
# CONFIG_SECURITY_LOADPIN is not set
|
# CONFIG_SECURITY_LOADPIN is not set
|
||||||
CONFIG_SECURITY_YAMA=y
|
CONFIG_SECURITY_YAMA=y
|
||||||
CONFIG_INTEGRITY=y
|
CONFIG_INTEGRITY=y
|
||||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
CONFIG_INTEGRITY_AUDIT=y
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
# CONFIG_IMA is not set
|
CONFIG_IMA=y
|
||||||
# CONFIG_EVM is not set
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||||
|
# CONFIG_IMA_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_NG_TEMPLATE=y
|
||||||
|
# CONFIG_IMA_SIG_TEMPLATE is not set
|
||||||
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
||||||
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
||||||
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||||
|
# CONFIG_IMA_WRITE_POLICY is not set
|
||||||
|
CONFIG_IMA_READ_POLICY=y
|
||||||
|
CONFIG_IMA_APPRAISE=y
|
||||||
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||||
|
CONFIG_EVM=y
|
||||||
|
CONFIG_EVM_ATTR_FSUUID=y
|
||||||
CONFIG_DEFAULT_SECURITY_DAC=y
|
CONFIG_DEFAULT_SECURITY_DAC=y
|
||||||
CONFIG_DEFAULT_SECURITY=""
|
CONFIG_DEFAULT_SECURITY=""
|
||||||
CONFIG_XOR_BLOCKS=m
|
CONFIG_XOR_BLOCKS=m
|
||||||
@ -4205,6 +4221,7 @@ CONFIG_CLZ_TAB=y
|
|||||||
# CONFIG_DDR is not set
|
# CONFIG_DDR is not set
|
||||||
# CONFIG_IRQ_POLL is not set
|
# CONFIG_IRQ_POLL is not set
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
CONFIG_UCS2_STRING=y
|
CONFIG_UCS2_STRING=y
|
||||||
CONFIG_FONT_SUPPORT=y
|
CONFIG_FONT_SUPPORT=y
|
||||||
|