On Thu, Dec 03, 2020 at 12:07:26AM -0000, GitLab Bridge on behalf of bmeneg wrote: > From: bmeneg on gitlab.com > > IMA/EVM has been quite forgotten in the past few releases. > This patchset sync all options (where possible) on ARK supported arches, > following closely what is enabled in RHEL today and also enable/sync > some of > the Fedora options to better match what is being enabled in ARK. > > Bruno Meneguele (16): > redhat: enable CONFIG_INTEGRITY for aarch64 > redhat: enable CONFIG_IMA_APPRAISE > redhat: enable CONFIG_IMA_APPRAISE_BOOTPARAM > redhat: enable CONFIG_IMA_APPRAISE_MODSIG > redhat: enable CONFIG_IMA_ARCH_POLICY for ppc and x86 > redhat: disable CONFIG_IMA_DEFAULT_HASH_SHA1 > redhat: enable CONFIG_IMA_DEFAULT_HASH_SHA256 for all flavors > redhat: set default IMA template for all ARK arches > redhat: enable CONFIG_IMA_READ_POLICY on ARK > redhat: enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT > redhat: set CONFIG_IMA_DEFAULT_HASH to SHA256 > redhat: enable CONFIG_IMA_LOAD_X509 on ARK > redhat: enable CONFIG_EVM in all arches and flavors > redhat: enable CONFIG_EVM_ATTR_FSUUID on ARK > redhat: enable CONFIG_EVM_LOAD_X509 on ARK > redhat: explicitly disable CONFIG_IMA_APPRAISE_SIGNED_INIT Acked-by: Herton R. Krzesinski <herton@xxxxxxxxxx> -- []'s Herton _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
