[PATCH Yakkety SRU] UBUNTU: [Config] CONFIG_IMA=y, CONFIG_TPM=y for ppc64el
Tim Gardner
tim.gardner at canonical.com
Mon Nov 28 20:35:57 UTC 2016
BugLink: http://bugs.launchpad.net/bugs/1643652
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
---
debian.master/abi/4.8.0-28.30/ppc64el/generic.modules | 3 ---
debian.master/config/amd64/config.common.amd64 | 8 ++++++++
debian.master/config/arm64/config.common.arm64 | 8 ++++++++
debian.master/config/armhf/config.common.armhf | 8 ++++++++
debian.master/config/config.common.ubuntu | 11 +++--------
debian.master/config/i386/config.common.i386 | 8 ++++++++
debian.master/config/powerpc/config.common.powerpc | 8 ++++++++
debian.master/config/ppc64el/config.common.ppc64el | 14 +++++++++++---
debian.master/config/s390x/config.common.s390x | 8 ++++++++
9 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/debian.master/abi/4.8.0-28.30/ppc64el/generic.modules b/debian.master/abi/4.8.0-28.30/ppc64el/generic.modules
index 61ce0d8..04bdb3a 100644
--- a/debian.master/abi/4.8.0-28.30/ppc64el/generic.modules
+++ b/debian.master/abi/4.8.0-28.30/ppc64el/generic.modules
@@ -3932,9 +3932,6 @@ touchwin
tpci200
tpl0102
tpm_atmel
-tpm_i2c_atmel
-tpm_i2c_infineon
-tpm_i2c_nuvoton
tpm-rng
tpm_st33zp24
tpm_st33zp24_i2c
diff --git a/debian.master/config/amd64/config.common.amd64 b/debian.master/config/amd64/config.common.amd64
index 8c70c66..ec5f9c7 100644
--- a/debian.master/config/amd64/config.common.amd64
+++ b/debian.master/config/amd64/config.common.amd64
@@ -138,6 +138,7 @@ CONFIG_EFI=y
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -240,6 +241,13 @@ CONFIG_IEEE802154_DRIVERS=m
CONFIG_IIO=m
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
CONFIG_INFINIBAND_QIB=m
diff --git a/debian.master/config/arm64/config.common.arm64 b/debian.master/config/arm64/config.common.arm64
index d0bdc59..5de8b66 100644
--- a/debian.master/config/arm64/config.common.arm64
+++ b/debian.master/config/arm64/config.common.arm64
@@ -152,6 +152,7 @@ CONFIG_EFI=y
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -267,6 +268,13 @@ CONFIG_IEEE802154_DRIVERS=m
CONFIG_IIO=m
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
# CONFIG_IMX2_WDT is not set
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
diff --git a/debian.master/config/armhf/config.common.armhf b/debian.master/config/armhf/config.common.armhf
index 08056c1..99bd39d 100644
--- a/debian.master/config/armhf/config.common.armhf
+++ b/debian.master/config/armhf/config.common.armhf
@@ -146,6 +146,7 @@ CONFIG_EM_TIMER_STI=y
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -252,6 +253,13 @@ CONFIG_IEEE802154_DRIVERS=m
# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
CONFIG_IIO=m
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_IMX2_WDT=m
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index aaba225..155e55d 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2401,7 +2401,7 @@ CONFIG_EVENT_TRACING=y
CONFIG_EVM=y
CONFIG_EVM_ATTR_FSUUID=y
CONFIG_EVM_EXTRA_SMACK_XATTRS=y
-# CONFIG_EVM_LOAD_X509 is not set
+CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
# CONFIG_EXOFS_DEBUG is not set
CONFIG_EXOFS_FS=m
CONFIG_EXPERT=y
@@ -3485,23 +3485,18 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
CONFIG_IIO_TRIGGERED_EVENT=m
# CONFIG_IKCONFIG is not set
CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_APPRAISE_SIGNED_INIT=y
CONFIG_IMA_BLACKLIST_KEYRING=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
-# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
CONFIG_IMA_READ_POLICY=y
-# CONFIG_IMA_SIG_TEMPLATE is not set
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_TRUSTED_KEYRING=y
CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
CONFIG_IMX7D_ADC=m
CONFIG_IMX_DMA=m
CONFIG_IMX_IPUV3_CORE=m
diff --git a/debian.master/config/i386/config.common.i386 b/debian.master/config/i386/config.common.i386
index 6df848a..a5d10b7 100644
--- a/debian.master/config/i386/config.common.i386
+++ b/debian.master/config/i386/config.common.i386
@@ -135,6 +135,7 @@ CONFIG_EFI=y
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -237,6 +238,13 @@ CONFIG_IEEE802154_DRIVERS=m
CONFIG_IIO=m
CONFIG_ILLEGAL_POINTER_VALUE=0
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
CONFIG_INPUT=y
diff --git a/debian.master/config/powerpc/config.common.powerpc b/debian.master/config/powerpc/config.common.powerpc
index 74860bf..67e6aed 100644
--- a/debian.master/config/powerpc/config.common.powerpc
+++ b/debian.master/config/powerpc/config.common.powerpc
@@ -122,6 +122,7 @@ CONFIG_EEPROM_MAX6875=m
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -214,6 +215,13 @@ CONFIG_ICS932S401=m
CONFIG_IDLE_PAGE_TRACKING=y
CONFIG_IEEE802154_DRIVERS=m
CONFIG_IIO=m
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
CONFIG_INFINIBAND_QIB=m
diff --git a/debian.master/config/ppc64el/config.common.ppc64el b/debian.master/config/ppc64el/config.common.ppc64el
index b8ce49b..0826468 100644
--- a/debian.master/config/ppc64el/config.common.ppc64el
+++ b/debian.master/config/ppc64el/config.common.ppc64el
@@ -136,6 +136,7 @@ CONFIG_EEPROM_MAX6875=m
CONFIG_ENCLOSURE_SERVICES=m
CONFIG_EPAPR_BOOT=y
CONFIG_ETHOC=m
+CONFIG_EVM_LOAD_X509=y
CONFIG_EXT4_FS=y
CONFIG_EXTCON=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -244,6 +245,13 @@ CONFIG_IEEE802154_DRIVERS=m
# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
CONFIG_IIO=m
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha256"
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
+CONFIG_IMA_LOAD_X509=y
+# CONFIG_IMA_NG_TEMPLATE is not set
+CONFIG_IMA_SIG_TEMPLATE=y
CONFIG_INFINIBAND_NES=m
CONFIG_INFINIBAND_OCRDMA=m
CONFIG_INFINIBAND_QIB=m
@@ -642,9 +650,9 @@ CONFIG_SYSFS_SYSCALL=y
CONFIG_SYSV68_PARTITION=y
# CONFIG_SYS_HYPERVISOR is not set
CONFIG_TCG_TIS_CORE=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
-CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
+CONFIG_TCG_TIS_I2C_ATMEL=y
+CONFIG_TCG_TIS_I2C_INFINEON=y
+CONFIG_TCG_TIS_I2C_NUVOTON=y
CONFIG_TCG_TIS_ST33ZP24_I2C=m
CONFIG_TERANETICS_PHY=m
# CONFIG_TEST_BITMAP is not set
diff --git a/debian.master/config/s390x/config.common.s390x b/debian.master/config/s390x/config.common.s390x
index ee66e47..04d6f11 100644
--- a/debian.master/config/s390x/config.common.s390x
+++ b/debian.master/config/s390x/config.common.s390x
@@ -122,6 +122,7 @@ CONFIG_ENABLE_MUST_CHECK=y
CONFIG_ENABLE_WARN_DEPRECATED=y
# CONFIG_ENCLOSURE_SERVICES is not set
# CONFIG_ETHOC is not set
+# CONFIG_EVM_LOAD_X509 is not set
CONFIG_EXT4_FS=m
# CONFIG_EXTCON is not set
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
@@ -206,6 +207,13 @@ CONFIG_I2C=m
# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
# CONFIG_IIO is not set
CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
# CONFIG_INFINIBAND_NES is not set
# CONFIG_INFINIBAND_OCRDMA is not set
# CONFIG_INFINIBAND_QIB is not set
--
2.7.4
More information about the kernel-team
mailing list