mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-07-02 21:53:17 +02:00
Add kernel configuration for tests
Add kernel-configs/base with changes to be applied to the default kernel configuration, generated with 'make defconfig'. Add kernel-configs/integrity, with integrity-specific configuration options. Splitting changes helps to identify more easily the desired group of options. In the future, options could be split even further. All changes in this directory will be applied with the merge_config.sh script from the kernel source code in a Github workflow step. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Roberto Sassu
committed by
Mimi Zohar
Mimi Zohar
parent
d1b48e9783
commit
a910fe25a9
29
kernel-configs/integrity
Normal file
29
kernel-configs/integrity
Normal file
@ -0,0 +1,29 @@
|
||||
CONFIG_INTEGRITY=y
|
||||
CONFIG_INTEGRITY_SIGNATURE=y
|
||||
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
CONFIG_IMA=y
|
||||
CONFIG_IMA_MEASURE_PCR_IDX=10
|
||||
CONFIG_IMA_NG_TEMPLATE=y
|
||||
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
||||
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
||||
CONFIG_IMA_DEFAULT_HASH="sha256"
|
||||
CONFIG_IMA_WRITE_POLICY=y
|
||||
CONFIG_IMA_READ_POLICY=y
|
||||
CONFIG_IMA_APPRAISE=y
|
||||
CONFIG_IMA_ARCH_POLICY=y
|
||||
CONFIG_IMA_APPRAISE_BUILD_POLICY=y
|
||||
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
||||
CONFIG_IMA_APPRAISE_MODSIG=y
|
||||
CONFIG_IMA_TRUSTED_KEYRING=y
|
||||
CONFIG_IMA_BLACKLIST_KEYRING=y
|
||||
CONFIG_IMA_LOAD_X509=y
|
||||
CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
|
||||
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
||||
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
|
||||
CONFIG_EVM=y
|
||||
CONFIG_EVM_ATTR_FSUUID=y
|
||||
CONFIG_EVM_ADD_XATTRS=y
|
||||
CONFIG_EVM_LOAD_X509=y
|
||||
CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
|
||||
Reference in New Issue
Block a user