merged (also to the new 6.4 branch). Bruce
In message: [linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: update ima.cfg to match current meta-integrity on 07/07/2023 Armin Kuster wrote: > Signed-off-by: Armin Kuster <akuster...@gmail.com> > --- > features/ima/ima.cfg | 36 ++++++++++++++++++++++++++++-------- > 1 file changed, 28 insertions(+), 8 deletions(-) > > diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg > index 2fc801f7..acb5fd02 100644 > --- a/features/ima/ima.cfg > +++ b/features/ima/ima.cfg > @@ -1,15 +1,35 @@ > # SPDX-License-Identifier: MIT > CONFIG_IMA=y > +CONFIG_IMA_LSM_RULES=y > CONFIG_IMA_MEASURE_PCR_IDX=10 > -CONFIG_IMA_NG_TEMPLATE=y > -CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" > -CONFIG_IMA_DEFAULT_HASH_SHA1=y > -CONFIG_IMA_DEFAULT_HASH="sha1" > -CONFIG_IMA_APPRAISE=y > -CONFIG_IMA_APPRAISE_BOOTPARAM=y > +CONFIG_IMA_SIG_TEMPLATE=y > +CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig" > +CONFIG_IMA_DEFAULT_HASH_SHA256=y > +CONFIG_IMA_DEFAULT_HASH="sha256" > +CONFIG_IMA_ARCH_POLICY=y > +CONFIG_IMA_APPRAISE_BUILD_POLICY=y > +CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS=y > +CONFIG_IMA_APPRAISE_SIGNED_INIT=y > +CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y > +CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > CONFIG_IMA_TRUSTED_KEYRING=y > +CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y > CONFIG_SIGNATURE=y > CONFIG_IMA_WRITE_POLICY=y > CONFIG_IMA_READ_POLICY=y > -CONFIG_IMA_LOAD_X509=y > -CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" > +CONFIG_INTEGRITY=y > +CONFIG_INTEGRITY_SIGNATURE=y > +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y > +CONFIG_INTEGRITY_TRUSTED_KEYRING=y > +CONFIG_EVM=y > +CONFIG_KEYS=y > +CONFIG_ASYMMETRIC_KEY_TYPE=y > +CONFIG_SYSTEM_TRUSTED_KEYRING=y > +CONFIG_SECONDARY_TRUSTED_KEYRING=y > +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y > +CONFIG_X509_CERTIFICATE_PARSER=y > +CONFIG_PKCS8_PRIVATE_KEY_PARSER=y > +CONFIG_CRYPTO_ECDSA=y > +CONFIG_SECURITY=y > +CONFIG_SECURITYFS=y > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#12850): https://lists.yoctoproject.org/g/linux-yocto/message/12850 Mute This Topic: https://lists.yoctoproject.org/mt/100005360/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/leave/6687884/21656/624485779/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-