Commit 8b293dbc authored by Roberto Sassu's avatar Roberto Sassu Committed by Zheng Zengkai
Browse files

config: add digest list options for arm64 and x86 



hulk inclusion
category: feature
feature: IMA Digest Lists extension
bugzilla: 46797

---------------------------

Enable digest lists and PGP keys preload.

Signed-off-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent c79f6084

arch/arm64/configs/openeuler_defconfig

+7 −0
Original line number Diff line number Diff line
@@ -6410,6 +6410,9 @@ CONFIG_IMA_TRUSTED_KEYRING=y 
CONFIG_IMA_LOAD_X509=y

CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"

# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set

CONFIG_IMA_DIGEST_LIST=y

CONFIG_IMA_DIGEST_LISTS_DIR="/etc/ima/digest_lists"

CONFIG_IMA_PARSER_BINARY_PATH="/usr/bin/upload_digest_lists"

CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y

CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y

CONFIG_EVM=y
@@ -6662,6 +6665,9 @@ CONFIG_X509_CERTIFICATE_PARSER=y 
CONFIG_PKCS7_MESSAGE_PARSER=y

# CONFIG_PKCS7_TEST_KEY is not set

CONFIG_SIGNED_PE_FILE_VERIFICATION=y

CONFIG_PGP_LIBRARY=y

CONFIG_PGP_KEY_PARSER=y

CONFIG_PGP_PRELOAD=y



#

# Certificates for signature checking
@@ -6672,6 +6678,7 @@ CONFIG_SYSTEM_TRUSTED_KEYS="" 
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set

# CONFIG_SECONDARY_TRUSTED_KEYRING is not set

# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set

CONFIG_PGP_PRELOAD_PUBLIC_KEYS=y

# end of Certificates for signature checking



CONFIG_BINARY_PRINTF=y

arch/x86/configs/openeuler_defconfig

+17 −10
Original line number Diff line number Diff line
@@ -3536,19 +3536,19 @@ CONFIG_TCG_TPM=y 
CONFIG_HW_RANDOM_TPM=y

CONFIG_TCG_TIS_CORE=y

CONFIG_TCG_TIS=y

# CONFIG_TCG_TIS_SPI is not set

CONFIG_TCG_TIS_I2C_ATMEL=m

CONFIG_TCG_TIS_I2C_INFINEON=m

CONFIG_TCG_TIS_I2C_NUVOTON=m

CONFIG_TCG_NSC=m

CONFIG_TCG_ATMEL=m

CONFIG_TCG_INFINEON=m

CONFIG_TCG_TIS_SPI=y

CONFIG_TCG_TIS_I2C_ATMEL=y

CONFIG_TCG_TIS_I2C_INFINEON=y

CONFIG_TCG_TIS_I2C_NUVOTON=y

CONFIG_TCG_NSC=y

CONFIG_TCG_ATMEL=y

CONFIG_TCG_INFINEON=y

# CONFIG_TCG_XEN is not set

CONFIG_TCG_CRB=y

# CONFIG_TCG_VTPM_PROXY is not set

CONFIG_TCG_TIS_ST33ZP24=m

CONFIG_TCG_TIS_ST33ZP24_I2C=m

# CONFIG_TCG_TIS_ST33ZP24_SPI is not set

CONFIG_TCG_TIS_ST33ZP24=y

CONFIG_TCG_TIS_ST33ZP24_I2C=y

CONFIG_TCG_TIS_ST33ZP24_SPI=y

CONFIG_TELCLOCK=m

# CONFIG_XILLYBUS is not set

# end of Character devices
@@ -7779,6 +7779,9 @@ CONFIG_IMA_TRUSTED_KEYRING=y 
CONFIG_IMA_LOAD_X509=y

CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"

# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set

CONFIG_IMA_DIGEST_LIST=y

CONFIG_IMA_DIGEST_LISTS_DIR="/etc/ima/digest_lists"

CONFIG_IMA_PARSER_BINARY_PATH="/usr/bin/upload_digest_lists"

CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y

CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y

# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
@@ -8061,6 +8064,9 @@ CONFIG_X509_CERTIFICATE_PARSER=y 
CONFIG_PKCS7_MESSAGE_PARSER=y

# CONFIG_PKCS7_TEST_KEY is not set

CONFIG_SIGNED_PE_FILE_VERIFICATION=y

CONFIG_PGP_LIBRARY=y

CONFIG_PGP_KEY_PARSER=y

CONFIG_PGP_PRELOAD=y



#

# Certificates for signature checking
@@ -8072,6 +8078,7 @@ CONFIG_SYSTEM_TRUSTED_KEYS="" 
# CONFIG_SECONDARY_TRUSTED_KEYRING is not set

CONFIG_SYSTEM_BLACKLIST_KEYRING=y

CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""

CONFIG_PGP_PRELOAD_PUBLIC_KEYS=y

# end of Certificates for signature checking



CONFIG_BINARY_PRINTF=y