mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-04-27 14:22:31 +02:00
a910fe25a9
Add kernel-configs/base with changes to be applied to the default kernel configuration, generated with 'make defconfig'. Add kernel-configs/integrity, with integrity-specific configuration options. Splitting changes helps to identify more easily the desired group of options. In the future, options could be split even further. All changes in this directory will be applied with the merge_config.sh script from the kernel source code in a Github workflow step. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
30 lines
840 B
Plaintext
30 lines
840 B
Plaintext
CONFIG_INTEGRITY=y
|
|
CONFIG_INTEGRITY_SIGNATURE=y
|
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
|
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
|
CONFIG_INTEGRITY_AUDIT=y
|
|
CONFIG_IMA=y
|
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
|
CONFIG_IMA_NG_TEMPLATE=y
|
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
|
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
|
CONFIG_IMA_WRITE_POLICY=y
|
|
CONFIG_IMA_READ_POLICY=y
|
|
CONFIG_IMA_APPRAISE=y
|
|
CONFIG_IMA_ARCH_POLICY=y
|
|
CONFIG_IMA_APPRAISE_BUILD_POLICY=y
|
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
|
CONFIG_IMA_APPRAISE_MODSIG=y
|
|
CONFIG_IMA_TRUSTED_KEYRING=y
|
|
CONFIG_IMA_BLACKLIST_KEYRING=y
|
|
CONFIG_IMA_LOAD_X509=y
|
|
CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
|
|
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
|
|
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
|
|
CONFIG_EVM=y
|
|
CONFIG_EVM_ATTR_FSUUID=y
|
|
CONFIG_EVM_ADD_XATTRS=y
|
|
CONFIG_EVM_LOAD_X509=y
|
|
CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
|