diff mbox series

[01/14] UBUNTU: [Config] align IMA config with debian.master

Message ID 20221027084203.75281-2-paolo.pisati@canonical.com
State New
Headers show
Series Use annotations from debian.master | expand

Commit Message

Paolo Pisati Oct. 27, 2022, 8:41 a.m. UTC 
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
---
 debian.kvm/config/config.common.ubuntu | 38 ++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index 5e06b6e319fa..002c15f96de5 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -174,6 +174,7 @@  CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
 # CONFIG_ARCNET is not set
 CONFIG_ASM_MODVERSIONS=y
 CONFIG_ASN1=y
+CONFIG_ASN1_ENCODER=m
 CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_ASYMMETRIC_KEY_TYPE=y
 CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
@@ -1263,6 +1264,7 @@  CONFIG_HW_RANDOM_AMD=y
 # CONFIG_HW_RANDOM_BA431 is not set
 CONFIG_HW_RANDOM_INTEL=y
 CONFIG_HW_RANDOM_TIMERIOMEM=y
+CONFIG_HW_RANDOM_TPM=y
 # CONFIG_HW_RANDOM_VIA is not set
 CONFIG_HW_RANDOM_VIRTIO=y
 CONFIG_HW_RANDOM_XIPHERA=m
@@ -1287,9 +1289,31 @@  CONFIG_IFB=m
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
-# CONFIG_IMA is not set
+CONFIG_IMA=y
+CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
+# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
+CONFIG_IMA_APPRAISE_MODSIG=y
+CONFIG_IMA_ARCH_POLICY=y
+# CONFIG_IMA_BLACKLIST_KEYRING is not set
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_DISABLE_HTABLE is not set
 # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_LSM_RULES=y
+CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
+CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_NG_TEMPLATE=y
+CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
+# CONFIG_IMA_READ_POLICY is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
+CONFIG_IMA_TRUSTED_KEYRING=y
+# CONFIG_IMA_WRITE_POLICY is not set
 CONFIG_INET=y
 CONFIG_INET6_AH=m
 CONFIG_INET6_ESP=m
@@ -2743,7 +2767,14 @@  CONFIG_TASKS_TRACE_RCU=y
 CONFIG_TASK_DELAY_ACCT=y
 CONFIG_TASK_IO_ACCOUNTING=y
 CONFIG_TASK_XACCT=y
-# CONFIG_TCG_TPM is not set
+# CONFIG_TCG_ATMEL is not set
+CONFIG_TCG_CRB=y
+# CONFIG_TCG_INFINEON is not set
+# CONFIG_TCG_NSC is not set
+CONFIG_TCG_TIS=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TPM=y
+# CONFIG_TCG_VTPM_PROXY is not set
 # CONFIG_TCM_FILEIO is not set
 # CONFIG_TCM_IBLOCK is not set
 # CONFIG_TCM_PSCSI is not set
@@ -2833,6 +2864,7 @@  CONFIG_TREE_SRCU=y
 # CONFIG_TRIM_UNUSED_KSYMS is not set
 CONFIG_TRUSTED_KEYS=m
 CONFIG_TRUSTED_KEYS_TEE=y
+CONFIG_TRUSTED_KEYS_TPM=y
 CONFIG_TTY=y
 # CONFIG_TTY_PRINTK is not set
 CONFIG_TUN=y