diff --git a/PKGBUILD b/PKGBUILD index e6613ff..d472c29 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -26,7 +26,7 @@ validpgpkeys=( 'C7E7849466FE2358343588377258734B41C31549' # David Runge ) sha256sums=('SKIP' - '74d99c4a5aaf75b9a8bc62af3cae6500759575aded4fd5625b22dd8c2c2686b5') + 'ee1f138da9c39bc2510f25cd7bfc00edaa6e418b35e52ce7f8392135e51068b9') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase diff --git a/config b/config index 48b072b..44972c4 100644 --- a/config +++ b/config @@ -497,9 +497,7 @@ CONFIG_SCHED_HRTICK=y CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -CONFIG_KEXEC_SIG=y -# CONFIG_KEXEC_SIG_FORCE is not set -CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y +# CONFIG_KEXEC_SIG is not set CONFIG_CRASH_DUMP=y CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 @@ -4428,7 +4426,7 @@ CONFIG_IPMI_IPMB=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m CONFIG_IPMB_DEVICE_INTERFACE=m -CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM=m CONFIG_HW_RANDOM_TIMERIOMEM=m CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m @@ -4455,10 +4453,10 @@ CONFIG_DEVPORT=y CONFIG_HPET=y # CONFIG_HPET_MMAP is not set CONFIG_HANGCHECK_TIMER=m -CONFIG_TCG_TPM=y +CONFIG_TCG_TPM=m CONFIG_HW_RANDOM_TPM=y -CONFIG_TCG_TIS_CORE=y -CONFIG_TCG_TIS=y +CONFIG_TCG_TIS_CORE=m +CONFIG_TCG_TIS=m CONFIG_TCG_TIS_SPI=m CONFIG_TCG_TIS_SPI_CR50=y CONFIG_TCG_TIS_I2C_CR50=m @@ -4469,7 +4467,7 @@ CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m CONFIG_TCG_XEN=m -CONFIG_TCG_CRB=y +CONFIG_TCG_CRB=m CONFIG_TCG_VTPM_PROXY=m CONFIG_TCG_TIS_ST33ZP24=m CONFIG_TCG_TIS_ST33ZP24_I2C=m @@ -9657,7 +9655,6 @@ CONFIG_BTT=y CONFIG_ND_PFN=m CONFIG_NVDIMM_PFN=y CONFIG_NVDIMM_DAX=y -CONFIG_NVDIMM_KEYS=y CONFIG_DAX=y CONFIG_DEV_DAX=m CONFIG_DEV_DAX_PMEM=m @@ -10154,7 +10151,7 @@ CONFIG_KEYS=y CONFIG_KEYS_REQUEST_CACHE=y CONFIG_PERSISTENT_KEYRINGS=y CONFIG_TRUSTED_KEYS=m -CONFIG_ENCRYPTED_KEYS=y +CONFIG_ENCRYPTED_KEYS=m # CONFIG_USER_DECRYPTED_DATA is not set CONFIG_KEY_DH_OPERATIONS=y CONFIG_KEY_NOTIFICATIONS=y @@ -10213,40 +10210,16 @@ CONFIG_INTEGRITY_PLATFORM_KEYRING=y CONFIG_INTEGRITY_MACHINE_KEYRING=y CONFIG_LOAD_UEFI_KEYS=y CONFIG_INTEGRITY_AUDIT=y -CONFIG_IMA=y -CONFIG_IMA_MEASURE_PCR_IDX=10 -CONFIG_IMA_LSM_RULES=y -CONFIG_IMA_NG_TEMPLATE=y -# CONFIG_IMA_SIG_TEMPLATE is not set -CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" -# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set -# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set -CONFIG_IMA_DEFAULT_HASH_SHA512=y -CONFIG_IMA_DEFAULT_HASH="sha512" -CONFIG_IMA_WRITE_POLICY=y -CONFIG_IMA_READ_POLICY=y -CONFIG_IMA_APPRAISE=y -CONFIG_IMA_ARCH_POLICY=y -# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set -CONFIG_IMA_APPRAISE_BOOTPARAM=y -CONFIG_IMA_APPRAISE_MODSIG=y -# CONFIG_IMA_TRUSTED_KEYRING is not set +# CONFIG_IMA is not set # CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set -CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y -CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y -CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y -# CONFIG_IMA_DISABLE_HTABLE is not set -CONFIG_EVM=y -CONFIG_EVM_ATTR_FSUUID=y -CONFIG_EVM_EXTRA_SMACK_XATTRS=y -CONFIG_EVM_ADD_XATTRS=y -# CONFIG_EVM_LOAD_X509 is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" +CONFIG_LSM="landlock,lockdown,yama,bpf" # # Kernel hardening options @@ -10338,7 +10311,7 @@ CONFIG_CRYPTO_ECHAINIV=m # # Block modes # -CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CBC=m CONFIG_CRYPTO_CFB=m CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_CTS=m