Commit f27db89e authored Feb 06, 2024 by zgzxx

ima: add default INITRAMFS_FILE_METADATA and EVM_DEFAULT_HASH CONFIG

euleros inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I91CXF


CVE: NA

-------------------------------------------------

This patch is to add default INITRAMFS_FILE_METADATA, EVM_DEFAULT_HASH_SHA1,
EVM_DEFAULT_HASH_SHA256 and EVM_DEFAULT_HASH_SHA512 CONFIG

Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>

parent 4a2f6e98

arch/arm64/configs/openeuler_defconfig

+4 −0

Original line number	Diff line number	Diff line
		@@ -216,6 +216,7 @@ CONFIG_RD_XZ=y
		CONFIG_RD_LZO=y
		CONFIG_RD_LZ4=y
		CONFIG_RD_ZSTD=y
		CONFIG_INITRAMFS_FILE_METADATA=""
		CONFIG_BOOT_CONFIG=y
		# CONFIG_BOOT_CONFIG_FORCE is not set
		# CONFIG_BOOT_CONFIG_EMBED is not set
		@@ -7260,6 +7261,9 @@ CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
		# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
		# CONFIG_IMA_DISABLE_HTABLE is not set
		CONFIG_EVM=y
		CONFIG_EVM_DEFAULT_HASH_SHA1=n
		CONFIG_EVM_DEFAULT_HASH_SHA256=y
		CONFIG_EVM_DEFAULT_HASH_SHA512=n
		CONFIG_EVM_ATTR_FSUUID=y
		# CONFIG_EVM_ADD_XATTRS is not set
		CONFIG_EVM_LOAD_X509=y

arch/x86/configs/openeuler_defconfig

+4 −0

Original line number	Diff line number	Diff line
		@@ -237,6 +237,7 @@ CONFIG_RD_XZ=y
		CONFIG_RD_LZO=y
		CONFIG_RD_LZ4=y
		CONFIG_RD_ZSTD=y
		CONFIG_INITRAMFS_FILE_METADATA=""
		CONFIG_BOOT_CONFIG=y
		# CONFIG_BOOT_CONFIG_FORCE is not set
		# CONFIG_BOOT_CONFIG_EMBED is not set
		@@ -8451,6 +8452,9 @@ CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
		# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
		# CONFIG_IMA_DISABLE_HTABLE is not set
		CONFIG_EVM=y
		CONFIG_EVM_DEFAULT_HASH_SHA1=n
		CONFIG_EVM_DEFAULT_HASH_SHA256=y
		CONFIG_EVM_DEFAULT_HASH_SHA512=n
		CONFIG_EVM_ATTR_FSUUID=y
		# CONFIG_EVM_ADD_XATTRS is not set
		CONFIG_EVM_LOAD_X509=y