Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2018-04-04 11:02:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Wed Apr 4 11:02:48 2018 rev:417 rq:591265 version:4.15.13 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2018-03-26 16:00:15.564429947 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2018-04-04 11:02:51.525606387 +0200 
@@ -973,0 +974,30 @@
+Tue Mar 6 14:08:41 CET 2018 - [email protected]
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ <module_name>: loading out-of-tree module taints kernel.
+ <module_name>: module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.336707104 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.340706959 +0200 @@ -31,7 +31,7 @@ Name: dtb-aarch64 Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.416704204 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.420704059 +0200 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.508700870 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.512700725 +0200 
@@ -33,7 +33,7 @@ Group: Documentation/Man Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.532700000 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.532700000 +0200 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.552699275 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.556699130 +0200 @@ -66,7 +66,7 @@ Group: SLES Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif kernel-obs-qa.spec: same change ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.608697245 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.612697100 +0200 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.632696375 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.632696375 +0200 @@ -32,7 +32,7 @@ Group: Development/Sources Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.656695506 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.656695506 +0200 
@@ -27,7 +27,7 @@ Version: 4.15.13 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:16.688694346 +0200 +++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:16.696694056 +0200 @@ -60,7 +60,7 @@ Group: System/Kernel Version: 4.15.13 %if 0%{?is_kotd} -Release: <RELEASE>.g950fc49 +Release: <RELEASE>.g12abbef %else Release: 0 %endif kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/debug new/config/i386/debug --- old/config/i386/debug 2018-03-19 20:55:59.000000000 +0100 +++ new/config/i386/debug 2018-03-25 22:21:41.000000000 +0200 @@ -46,6 +46,7 @@ CONFIG_MAC80211_VERBOSE_DEBUG=y CONFIG_MEMSTICK_DEBUG=y CONFIG_MMC_DEBUG=y +# CONFIG_MODULE_SIG is not set CONFIG_OCFS2_DEBUG_FS=y CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_PARAVIRT_SPINLOCKS is not set @@ -71,6 +72,5 @@ CONFIG_XFS_ASSERT_FATAL=y CONFIG_XFS_DEBUG=y CONFIG_MODULES=y -# CONFIG_MODULE_SIG is not set # CONFIG_SUSE_KERNEL_SUPPORTED is not set CONFIG_EFI_STUB=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/default new/config/i386/default --- old/config/i386/default 2018-03-19 20:55:59.000000000 +0100 +++ new/config/i386/default 2018-03-25 22:21:41.000000000 +0200 @@ -184,6 +184,7 @@ # CONFIG_MMC_SDHCI_OF_ARASAN is not set # CONFIG_MMC_SDHCI_OF_AT91 is not set CONFIG_MMC_SDHCI_OMAP=m +# CONFIG_MODULE_SIG is not set CONFIG_MOUSE_ATIXL=y CONFIG_MOUSE_INPORT=m CONFIG_MOUSE_LOGIBM=m 
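Review bot: The moved line `# CONFIG_MODULE_SIG is not set` in config/i386/debug still switches module signature checking off for this flavor, which the changelog entry "Enable module signing" does not say. The same override is kept in config/i386/default, config/x86_64/debug, config/ppc64/debug, config/ppc64le/debug and config/x86_64/syzkaller, so those kernels presumably load modules with no verification at all and never log the "module verification failed" message. If that is intended, I would record it in the changelog, e.g. `Debug, syzkaller and i386 default flavors keep CONFIG_MODULE_SIG disabled.`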
@@ -368,6 +369,5 @@
 CONFIG_XO15_EBOOK=m
 CONFIG_XO1_RFKILL=m
 CONFIG_MODULES=y
-# CONFIG_MODULE_SIG is not set
 # CONFIG_SUSE_KERNEL_SUPPORTED is not set
 CONFIG_EFI_STUB=y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae
--- old/config/i386/pae 2018-03-19 20:55:59.000000000 +0100
+++ new/config/i386/pae 2018-03-25 22:21:41.000000000 +0200
@@ -345,7 +345,15 @@
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+# CONFIG_MODULE_SIG_ALL is not set
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+CONFIG_MODULE_SIG_SHA256=y
+# CONFIG_MODULE_SIG_SHA384 is not set
+# CONFIG_MODULE_SIG_SHA512 is not set
+CONFIG_MODULE_SIG_HASH="sha256"
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
@@ -8341,6 +8349,7 @@
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_TRUSTED_KEYRING is not set
+# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
 # CONFIG_EVM_LOAD_X509 is not set
@@ -8534,11 +8543,13 @@
 #
 # Certificates for signature checking
 #
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
-# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
-# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/debug new/config/ppc64/debug
--- old/config/ppc64/debug 2018-03-19 20:55:59.000000000 +0100
+++ new/config/ppc64/debug 2018-03-25 22:21:41.000000000 +0200
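Review bot: In config/i386/pae at `@@ -345,7 +345,15 @@`, `CONFIG_MODULE_SIG=y` together with `# CONFIG_MODULE_SIG_FORCE is not set` makes the check advisory: a module with no signature or a bad one still loads and only taints the kernel, so this is a detection signal rather than a control. Because `# CONFIG_MODULE_SIG_ALL is not set`, the kernel build itself signs nothing; unless the packaging signs modules in a later step (not visible here), distribution modules would trip the same taint and the signal loses its value. I would note in the changelog that enforcement can be switched on per system with the boot parameter `module.sig_enforce=1`, and that the unsigned-module taint and the "module verification failed" log line are what to monitor until then. The same hunk appears in config/ppc64/default, config/ppc64le/default, config/s390x/default and config/x86_64/default.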
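Review bot: In the `@@ -8534,11 +8543,13 @@` hunk of config/i386/pae, `CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"` is the Kconfig default while `CONFIG_SYSTEM_TRUSTED_KEYS=""` stays empty, so the only built-in trust anchor would be whatever key sits at that path at build time. As far as I know the kernel build generates a fresh key pair when that file is absent, which would leave a private key on the build host whose certificate is compiled into the kernel; the packaging may already replace it, but that is not visible in this diff. With `CONFIG_SECONDARY_TRUSTED_KEYRING=y` further keys can be added at run time when they are signed by an already trusted key, so the choice of built-in key matters more than before. I would either point the option at the distribution certificate or state in the changelog how the key is provided and that the private half is discarded. The same lines are added in config/ppc64/default, config/ppc64le/default, config/s390x/default and config/x86_64/default.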
@@ -34,6 +34,7 @@
 CONFIG_MAC80211_STA_DEBUG=y
 CONFIG_MAC80211_TDLS_DEBUG=y
 CONFIG_MAC80211_VERBOSE_DEBUG=y
+# CONFIG_MODULE_SIG is not set
 CONFIG_PCIEASPM_DEBUG=y
 CONFIG_REISERFS_CHECK=y
 CONFIG_REISERFS_PROC_INFO=y
@@ -44,5 +45,4 @@
 CONFIG_TTY_PRINTK=y
 CONFIG_UNINLINE_SPIN_UNLOCK=y
 CONFIG_MODULES=y
-# CONFIG_MODULE_SIG is not set
 # CONFIG_SUSE_KERNEL_SUPPORTED is not set
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default
--- old/config/ppc64/default 2018-03-19 20:55:59.000000000 +0100
+++ new/config/ppc64/default 2018-03-25 22:21:41.000000000 +0200
@@ -358,7 +358,15 @@
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_REL_CRCS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+# CONFIG_MODULE_SIG_ALL is not set
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+CONFIG_MODULE_SIG_SHA256=y
+# CONFIG_MODULE_SIG_SHA384 is not set
+# CONFIG_MODULE_SIG_SHA512 is not set
+CONFIG_MODULE_SIG_HASH="sha256"
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
@@ -6887,6 +6895,7 @@
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_TRUSTED_KEYRING is not set
+# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
 # CONFIG_EVM_LOAD_X509 is not set
@@ -7067,11 +7076,13 @@
 #
 # Certificates for signature checking
 #
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
-# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
-# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
 CONFIG_HAVE_KVM_EVENTFD=y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/debug new/config/ppc64le/debug
--- old/config/ppc64le/debug 2018-03-19 20:55:59.000000000 +0100
+++ new/config/ppc64le/debug 2018-03-25 22:21:41.000000000 +0200
@@ -33,6 +33,7 @@
 CONFIG_MAC80211_STA_DEBUG=y
 CONFIG_MAC80211_TDLS_DEBUG=y
 CONFIG_MAC80211_VERBOSE_DEBUG=y
+# CONFIG_MODULE_SIG is not set
 CONFIG_PCIEASPM_DEBUG=y
 CONFIG_REISERFS_CHECK=y
 CONFIG_REISERFS_PROC_INFO=y
@@ -43,5 +44,4 @@
 CONFIG_TTY_PRINTK=y
 CONFIG_UNINLINE_SPIN_UNLOCK=y
 CONFIG_MODULES=y
-# CONFIG_MODULE_SIG is not set
 # CONFIG_SUSE_KERNEL_SUPPORTED is not set
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default
--- old/config/ppc64le/default 2018-03-19 20:55:59.000000000 +0100
+++ new/config/ppc64le/default 2018-03-25 22:21:41.000000000 +0200
@@ -351,7 +351,15 @@
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+# CONFIG_MODULE_SIG_ALL is not set
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+CONFIG_MODULE_SIG_SHA256=y
+# CONFIG_MODULE_SIG_SHA384 is not set
+# CONFIG_MODULE_SIG_SHA512 is not set
+CONFIG_MODULE_SIG_HASH="sha256"
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
@@ -6744,6 +6752,7 @@
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_TRUSTED_KEYRING is not set
+# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
 # CONFIG_EVM_LOAD_X509 is not set
@@ -6923,11 +6932,13 @@
 #
 # Certificates for signature checking
 #
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
-# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
-# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
 CONFIG_HAVE_KVM_EVENTFD=y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/default new/config/s390x/default
--- old/config/s390x/default 2018-03-19 20:55:59.000000000 +0100
+++ new/config/s390x/default 2018-03-25 22:21:41.000000000 +0200
@@ -209,7 +209,7 @@
 # CONFIG_SLOB is not set
 CONFIG_SLAB_MERGE_DEFAULT=y
 CONFIG_SLAB_FREELIST_RANDOM=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
 CONFIG_PROFILING=y
 CONFIG_TRACEPOINTS=y
 CONFIG_CRASH_CORE=y
@@ -289,7 +289,15 @@
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+# CONFIG_MODULE_SIG_ALL is not set
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+CONFIG_MODULE_SIG_SHA256=y
+# CONFIG_MODULE_SIG_SHA384 is not set
+# CONFIG_MODULE_SIG_SHA512 is not set
+CONFIG_MODULE_SIG_HASH="sha256"
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
@@ -3238,6 +3246,7 @@ CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_TRUSTED_KEYRING is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set CONFIG_EVM=y CONFIG_EVM_ATTR_FSUUID=y # CONFIG_EVM_LOAD_X509 is not set @@ -3411,15 +3420,19 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_X509_CERTIFICATE_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -# CONFIG_SECONDARY_TRUSTED_KEYRING is not set -# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +CONFIG_SECONDARY_TRUSTED_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_BINARY_PRINTF=y # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/debug new/config/x86_64/debug --- old/config/x86_64/debug 2018-03-19 20:55:59.000000000 +0100 +++ new/config/x86_64/debug 2018-03-25 22:21:41.000000000 +0200 @@ -45,6 +45,7 @@ CONFIG_MAC80211_VERBOSE_DEBUG=y CONFIG_MEMSTICK_DEBUG=y CONFIG_MMC_DEBUG=y +# CONFIG_MODULE_SIG is not set CONFIG_OCFS2_DEBUG_FS=y CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_PARAVIRT_SPINLOCKS is not set @@ -70,6 +71,5 @@ CONFIG_XFS_ASSERT_FATAL=y CONFIG_XFS_DEBUG=y CONFIG_MODULES=y -# CONFIG_MODULE_SIG is not set # CONFIG_SUSE_KERNEL_SUPPORTED is not set CONFIG_EFI_STUB=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2018-03-19 20:55:59.000000000 +0100 +++ new/config/x86_64/default 2018-03-25 22:21:41.000000000 +0200 
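Review bot: The s390x hunk `@@ -3411,15 +3420,19 @@` adds `CONFIG_SIGNED_PE_FILE_VERIFICATION=y`, which does not appear in the hunks for the other architectures and which the changelog does not list. It appears to become selectable because `CONFIG_SYSTEM_DATA_VERIFICATION=y` is newly set earlier in the same file, and it builds a PE signature parser into a kernel for a platform that, as far as I can tell, has no signed PE images to verify. Unless something on s390x needs it, I would keep the parser out with `# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set`, or add the option and the reason for it to the changelog.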
@@ -366,7 +366,15 @@
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+# CONFIG_MODULE_SIG_ALL is not set
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+CONFIG_MODULE_SIG_SHA256=y
+# CONFIG_MODULE_SIG_SHA384 is not set
+# CONFIG_MODULE_SIG_SHA512 is not set
+CONFIG_MODULE_SIG_HASH="sha256"
 # CONFIG_MODULE_COMPRESS is not set
 CONFIG_MODULES_TREE_LOOKUP=y
 CONFIG_BLOCK=y
@@ -8367,6 +8375,7 @@
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_TRUSTED_KEYRING is not set
+# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
 # CONFIG_EVM_LOAD_X509 is not set
@@ -8581,11 +8590,13 @@
 #
 # Certificates for signature checking
 #
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
-# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
-# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
 CONFIG_HAVE_KVM=y
 CONFIG_HAVE_KVM_IRQCHIP=y
 CONFIG_HAVE_KVM_IRQFD=y
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/syzkaller new/config/x86_64/syzkaller
--- old/config/x86_64/syzkaller 2018-03-19 20:55:59.000000000 +0100
+++ new/config/x86_64/syzkaller 2018-03-25 22:21:41.000000000 +0200
@@ -25,6 +25,7 @@
 CONFIG_KCOV_INSTRUMENT_ALL=y
 CONFIG_LOCALVERSION="-syzkaller"
 CONFIG_LOCKDEP=y
+# CONFIG_MODULE_SIG is not set
 CONFIG_PROVE_LOCKING=y
 CONFIG_PROVE_RCU=y
 # CONFIG_SLAB is not set
@@ -42,6 +43,5 @@
 CONFIG_UBSAN_NULL=y
 CONFIG_UBSAN_SANITIZE_ALL=y
 CONFIG_MODULES=y
-# CONFIG_MODULE_SIG is not set
 # CONFIG_SUSE_KERNEL_SUPPORTED is not set
 CONFIG_EFI_STUB=y
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.EZxt2H/_old 2018-04-04 11:03:17.676658537 +0200
+++ /var/tmp/diff_new_pack.EZxt2H/_new 2018-04-04 11:03:17.680658392 +0200
@@ -1,3 +1,3 @@
-2018-03-25 10:34:58 +0200
-GIT Revision: 950fc49446f43cd0aa5c406e5dd837053ee73f3b
+2018-03-25 22:21:41 +0200
+GIT Revision: 12abbef0096b249fb517902aff4cb227c51e4a21
 GIT Branch: stable
