ima/linux-yocto: Enable CONFIG_IMA_READ_POLICY and CONFIG_IMA_APPRAISE_BOOTPARAM

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
author: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-03-19 21:24:35 -0400
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-03-19 21:25:15 -0400
commit: f1ac8a45535d2ae2c81137cd5700613d05d3dbf1 (patch)
tree: bad9b1b24ab700f7b09461ef03aff2cf87772e28
parent: 73cae2678d9630bf4ce0fbe07fb90d466a99d682 (diff)
download: meta-secure-core-f1ac8a45535d2ae2c81137cd5700613d05d3dbf1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
index 52c741f..9cd609b 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
@@ -2,7 +2,7 @@ CONFIG_IMA=y
 # CONFIG_IMA_KEXEC is not set
 # CONFIG_IMA_LSM_RULES is not set
 CONFIG_IMA_WRITE_POLICY=y
-# CONFIG_IMA_READ_POLICY is not set
+CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_IMA_NG_TEMPLATE=y is not set
@@ -15,6 +15,7 @@ CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_LOAD_X509=y
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_TRUSTED_KEYRING=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_BLACKLIST_KEYRING=y
author	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-03-19 21:24:35 -0400
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-03-19 21:25:15 -0400
commit	f1ac8a45535d2ae2c81137cd5700613d05d3dbf1 (patch)
tree	bad9b1b24ab700f7b09461ef03aff2cf87772e28
parent	73cae2678d9630bf4ce0fbe07fb90d466a99d682 (diff)
download	meta-secure-core-f1ac8a45535d2ae2c81137cd5700613d05d3dbf1.tar.gz