diff mbox

[Xenial,SRU] UBUNTU: [Config] CONFIG_IMA=y, CONFIG_TPM=y for ppc64el

Message ID 1480366390-7910-1-git-send-email-tim.gardner@canonical.com
State New
Headers show

Commit Message

Tim Gardner Nov. 28, 2016, 8:53 p.m. UTC 
BugLink: http://bugs.launchpad.net/bugs/1643652

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 debian.master/abi/4.4.0-51.72/ppc64el/generic.modules |  3 ---
 debian.master/config/amd64/config.common.amd64        | 10 ++++++++++
 debian.master/config/arm64/config.common.arm64        | 10 ++++++++++
 debian.master/config/armhf/config.common.armhf        | 10 ++++++++++
 debian.master/config/config.common.ubuntu             | 12 ++----------
 debian.master/config/i386/config.common.i386          | 10 ++++++++++
 debian.master/config/powerpc/config.common.powerpc    | 10 ++++++++++
 debian.master/config/ppc64el/config.common.ppc64el    | 10 ++++++++++
 debian.master/config/s390x/config.common.s390x        |  7 +++++++
 9 files changed, 69 insertions(+), 13 deletions(-)

Comments

Seth Forshee Nov. 29, 2016, 5:09 p.m. UTC | #1 
On Mon, Nov 28, 2016 at 01:53:10PM -0700, Tim Gardner wrote:
> +CONFIG_IMA_APPRAISE_SIGNED_INIT=y

Acked with the same caveat regarding this option as for yakkety.
diff mbox

Patch

diff --git a/debian.master/abi/4.4.0-51.72/ppc64el/generic.modules b/debian.master/abi/4.4.0-51.72/ppc64el/generic.modules
index 881176d..3689df6 100644
--- a/debian.master/abi/4.4.0-51.72/ppc64el/generic.modules
+++ b/debian.master/abi/4.4.0-51.72/ppc64el/generic.modules
@@ -3756,9 +3756,6 @@  touchright
 touchwin
 tpci200
 tpm_atmel
-tpm_i2c_atmel
-tpm_i2c_infineon
-tpm_i2c_nuvoton
 tpm-rng
 tpm_st33zp24
 tpm_st33zp24_i2c
diff --git a/debian.master/config/amd64/config.common.amd64 b/debian.master/config/amd64/config.common.amd64
index 6b6079d..8d7acfd 100644
--- a/debian.master/config/amd64/config.common.amd64
+++ b/debian.master/config/amd64/config.common.amd64
@@ -145,6 +145,13 @@  CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
@@ -424,6 +431,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 CONFIG_SYS_HYPERVISOR=y
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/arm64/config.common.arm64 b/debian.master/config/arm64/config.common.arm64
index 0c2bf6cf..9d557e4 100644
--- a/debian.master/config/arm64/config.common.arm64
+++ b/debian.master/config/arm64/config.common.arm64
@@ -149,6 +149,13 @@  CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
@@ -426,6 +433,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 CONFIG_SYS_HYPERVISOR=y
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/armhf/config.common.armhf b/debian.master/config/armhf/config.common.armhf
index 8298d7f..16ba703 100644
--- a/debian.master/config/armhf/config.common.armhf
+++ b/debian.master/config/armhf/config.common.armhf
@@ -141,6 +141,13 @@  CONFIG_I6300ESB_WDT=m
 CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INPUT=y
@@ -411,6 +418,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 # CONFIG_SYS_HYPERVISOR is not set
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index cd9fb60..25f4c07 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -3387,20 +3387,15 @@  CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGERED_EVENT=m
 # CONFIG_IKCONFIG is not set
 CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_APPRAISE_SIGNED_INIT=y
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DEFAULT_HASH_WP512 is not set
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-# CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
 CONFIG_IMA_MOK_KEYRING=y
-CONFIG_IMA_NG_TEMPLATE=y
-# CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
 CONFIG_IMX2_WDT=m
 CONFIG_IMX_DMA=m
 CONFIG_IMX_IPUV3_CORE=m
@@ -7757,9 +7752,6 @@  CONFIG_TCG_IBMVTPM=y
 CONFIG_TCG_INFINEON=m
 CONFIG_TCG_NSC=m
 CONFIG_TCG_TIS=y
-CONFIG_TCG_TIS_I2C_ATMEL=m
-CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_TCG_TIS_ST33ZP24=m
 CONFIG_TCG_TIS_ST33ZP24_I2C=m
 CONFIG_TCG_TIS_ST33ZP24_SPI=m
diff --git a/debian.master/config/i386/config.common.i386 b/debian.master/config/i386/config.common.i386
index a8bff36..7b10d80 100644
--- a/debian.master/config/i386/config.common.i386
+++ b/debian.master/config/i386/config.common.i386
@@ -143,6 +143,13 @@  CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INPUT=y
@@ -419,6 +426,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 CONFIG_SYS_HYPERVISOR=y
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/powerpc/config.common.powerpc b/debian.master/config/powerpc/config.common.powerpc
index a5a87a3..df4e54b 100644
--- a/debian.master/config/powerpc/config.common.powerpc
+++ b/debian.master/config/powerpc/config.common.powerpc
@@ -133,6 +133,13 @@  CONFIG_I2C=y
 CONFIG_I6300ESB_WDT=m
 CONFIG_IEEE802154=m
 CONFIG_IIO=m
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
@@ -413,6 +420,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 # CONFIG_SYS_HYPERVISOR is not set
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/ppc64el/config.common.ppc64el b/debian.master/config/ppc64el/config.common.ppc64el
index 1298dc3..07603e0 100644
--- a/debian.master/config/ppc64el/config.common.ppc64el
+++ b/debian.master/config/ppc64el/config.common.ppc64el
@@ -154,6 +154,13 @@  CONFIG_I6300ESB_WDT=m
 CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha256"
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
+CONFIG_IMA_LOAD_X509=y
+# CONFIG_IMA_NG_TEMPLATE is not set
+CONFIG_IMA_SIG_TEMPLATE=y
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
@@ -463,6 +470,9 @@  CONFIG_SUN_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_SYSV_FS=m
 # CONFIG_SYS_HYPERVISOR is not set
+CONFIG_TCG_TIS_I2C_ATMEL=y
+CONFIG_TCG_TIS_I2C_INFINEON=y
+CONFIG_TCG_TIS_I2C_NUVOTON=y
 CONFIG_THERMAL=y
 CONFIG_THUNDERBOLT=m
 CONFIG_TIFM_CORE=m
diff --git a/debian.master/config/s390x/config.common.s390x b/debian.master/config/s390x/config.common.s390x
index 2ab8f3a..d67b004 100644
--- a/debian.master/config/s390x/config.common.s390x
+++ b/debian.master/config/s390x/config.common.s390x
@@ -119,6 +119,13 @@  CONFIG_HZ_100=y
 # CONFIG_IEEE802154 is not set
 # CONFIG_IIO is not set
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_INFINIBAND_NES is not set
 # CONFIG_INFINIBAND_OCRDMA is not set
 # CONFIG_INFINIBAND_QIB is not set