diff options
author | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-03-19 21:24:35 -0400 |
---|---|---|
committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-03-19 21:25:15 -0400 |
commit | f1ac8a45535d2ae2c81137cd5700613d05d3dbf1 (patch) | |
tree | bad9b1b24ab700f7b09461ef03aff2cf87772e28 | |
parent | 73cae2678d9630bf4ce0fbe07fb90d466a99d682 (diff) | |
download | meta-secure-core-f1ac8a45535d2ae2c81137cd5700613d05d3dbf1.tar.gz |
ima/linux-yocto: Enable CONFIG_IMA_READ_POLICY and CONFIG_IMA_APPRAISE_BOOTPARAM
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
-rw-r--r-- | meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg index 52c741f..9cd609b 100644 --- a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg +++ b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | |||
@@ -2,7 +2,7 @@ CONFIG_IMA=y | |||
2 | # CONFIG_IMA_KEXEC is not set | 2 | # CONFIG_IMA_KEXEC is not set |
3 | # CONFIG_IMA_LSM_RULES is not set | 3 | # CONFIG_IMA_LSM_RULES is not set |
4 | CONFIG_IMA_WRITE_POLICY=y | 4 | CONFIG_IMA_WRITE_POLICY=y |
5 | # CONFIG_IMA_READ_POLICY is not set | 5 | CONFIG_IMA_READ_POLICY=y |
6 | CONFIG_IMA_MEASURE_PCR_IDX=10 | 6 | CONFIG_IMA_MEASURE_PCR_IDX=10 |
7 | # CONFIG_IMA_TEMPLATE is not set | 7 | # CONFIG_IMA_TEMPLATE is not set |
8 | # CONFIG_IMA_NG_TEMPLATE=y is not set | 8 | # CONFIG_IMA_NG_TEMPLATE=y is not set |
@@ -15,6 +15,7 @@ CONFIG_IMA_DEFAULT_HASH_SHA256=y | |||
15 | CONFIG_IMA_DEFAULT_HASH="sha256" | 15 | CONFIG_IMA_DEFAULT_HASH="sha256" |
16 | CONFIG_IMA_APPRAISE=y | 16 | CONFIG_IMA_APPRAISE=y |
17 | CONFIG_IMA_LOAD_X509=y | 17 | CONFIG_IMA_LOAD_X509=y |
18 | CONFIG_IMA_APPRAISE_BOOTPARAM=y | ||
18 | CONFIG_IMA_TRUSTED_KEYRING=y | 19 | CONFIG_IMA_TRUSTED_KEYRING=y |
19 | CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y | 20 | CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y |
20 | CONFIG_IMA_BLACKLIST_KEYRING=y | 21 | CONFIG_IMA_BLACKLIST_KEYRING=y |