Commit b7d8ea90 authored by Huaxin Lu's avatar Huaxin Lu
Browse files

ima: Enable modsig appraisal by default 

euleros inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I967Z0


CVE: NA

-----------------------------------------

IMA digest list feature will use modsig in oe24.03, enable the
modsig by default.

Signed-off-by: default avatarHuaxin Lu <luhuaxin1@huawei.com>
parent e5f7904f

arch/arm64/configs/openeuler_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -7278,7 +7278,7 @@ CONFIG_IMA_APPRAISE=y 
# CONFIG_IMA_ARCH_POLICY is not set

# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set

CONFIG_IMA_APPRAISE_BOOTPARAM=y

# CONFIG_IMA_APPRAISE_MODSIG is not set

CONFIG_IMA_APPRAISE_MODSIG=y

# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set

# CONFIG_IMA_BLACKLIST_KEYRING is not set

CONFIG_IMA_LOAD_X509=y

arch/x86/configs/openeuler_defconfig

+1 −1
Original line number Diff line number Diff line
@@ -8454,7 +8454,7 @@ CONFIG_IMA_APPRAISE=y 
# CONFIG_IMA_ARCH_POLICY is not set

# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set

CONFIG_IMA_APPRAISE_BOOTPARAM=y

# CONFIG_IMA_APPRAISE_MODSIG is not set

CONFIG_IMA_APPRAISE_MODSIG=y

# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set

# CONFIG_IMA_BLACKLIST_KEYRING is not set

CONFIG_IMA_LOAD_X509=y