Re: [linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: update ima.cfg to match current meta-integrity

Fri, 14 Jul 2023 04:22:37 -0700 

thanks

On 7/12/23 4:04 PM, Bruce Ashfield wrote:

merged (also to the new 6.4 branch).

Bruce

In message: [linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: 
update ima.cfg to match current meta-integrity
on 07/07/2023 Armin Kuster wrote:


Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
  features/ima/ima.cfg | 36 ++++++++++++++++++++++++++++--------
  1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg
index 2fc801f7..acb5fd02 100644
--- a/features/ima/ima.cfg
+++ b/features/ima/ima.cfg
@@ -1,15 +1,35 @@
  # SPDX-License-Identifier: MIT
  CONFIG_IMA=y
+CONFIG_IMA_LSM_RULES=y
  CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_SIG_TEMPLATE=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_DEFAULT_HASH="sha256"
+CONFIG_IMA_ARCH_POLICY=y
+CONFIG_IMA_APPRAISE_BUILD_POLICY=y
+CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS=y
+CONFIG_IMA_APPRAISE_SIGNED_INIT=y
+CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
+CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
  CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
  CONFIG_SIGNATURE=y
  CONFIG_IMA_WRITE_POLICY=y
  CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
+CONFIG_INTEGRITY=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_TRUSTED_KEYRING=y
+CONFIG_EVM=y
+CONFIG_KEYS=y
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS8_PRIVATE_KEY_PARSER=y
+CONFIG_CRYPTO_ECDSA=y
+CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
--
2.34.1






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12856): 
https://lists.yoctoproject.org/g/linux-yocto/message/12856
Mute This Topic: https://lists.yoctoproject.org/mt/100005360/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to