Re: [linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: update ima.cfg to match current meta-integrity

Wed, 12 Jul 2023 13:04:09 -0700 

merged (also to the new 6.4 branch).

Bruce

In message: [linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: 
update ima.cfg to match current meta-integrity
on 07/07/2023 Armin Kuster wrote:

> Signed-off-by: Armin Kuster <akuster...@gmail.com>
> ---
>  features/ima/ima.cfg | 36 ++++++++++++++++++++++++++++--------
>  1 file changed, 28 insertions(+), 8 deletions(-)
> 
> diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg
> index 2fc801f7..acb5fd02 100644
> --- a/features/ima/ima.cfg
> +++ b/features/ima/ima.cfg
> @@ -1,15 +1,35 @@
>  # SPDX-License-Identifier: MIT
>  CONFIG_IMA=y
> +CONFIG_IMA_LSM_RULES=y
>  CONFIG_IMA_MEASURE_PCR_IDX=10
> -CONFIG_IMA_NG_TEMPLATE=y
> -CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
> -CONFIG_IMA_DEFAULT_HASH_SHA1=y
> -CONFIG_IMA_DEFAULT_HASH="sha1"
> -CONFIG_IMA_APPRAISE=y
> -CONFIG_IMA_APPRAISE_BOOTPARAM=y
> +CONFIG_IMA_SIG_TEMPLATE=y
> +CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
> +CONFIG_IMA_DEFAULT_HASH_SHA256=y
> +CONFIG_IMA_DEFAULT_HASH="sha256"
> +CONFIG_IMA_ARCH_POLICY=y
> +CONFIG_IMA_APPRAISE_BUILD_POLICY=y
> +CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS=y
> +CONFIG_IMA_APPRAISE_SIGNED_INIT=y
> +CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
> +CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
>  CONFIG_IMA_TRUSTED_KEYRING=y
> +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
>  CONFIG_SIGNATURE=y
>  CONFIG_IMA_WRITE_POLICY=y
>  CONFIG_IMA_READ_POLICY=y
> -CONFIG_IMA_LOAD_X509=y
> -CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
> +CONFIG_INTEGRITY=y
> +CONFIG_INTEGRITY_SIGNATURE=y
> +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
> +CONFIG_INTEGRITY_TRUSTED_KEYRING=y
> +CONFIG_EVM=y
> +CONFIG_KEYS=y
> +CONFIG_ASYMMETRIC_KEY_TYPE=y
> +CONFIG_SYSTEM_TRUSTED_KEYRING=y
> +CONFIG_SECONDARY_TRUSTED_KEYRING=y
> +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
> +CONFIG_X509_CERTIFICATE_PARSER=y
> +CONFIG_PKCS8_PRIVATE_KEY_PARSER=y
> +CONFIG_CRYPTO_ECDSA=y
> +CONFIG_SECURITY=y
> +CONFIG_SECURITYFS=y
> -- 
> 2.34.1
> 

> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12850): 
https://lists.yoctoproject.org/g/linux-yocto/message/12850
Mute This Topic: https://lists.yoctoproject.org/mt/100005360/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: 
https://lists.yoctoproject.org/g/linux-yocto/leave/6687884/21656/624485779/xyzzy
 [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to