FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related
This commit is contained in:
parent
e29a800771
commit
5bd573c89e
2
PKGBUILD
2
PKGBUILD
|
@ -26,7 +26,7 @@ validpgpkeys=(
|
||||||
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
|
'C7E7849466FE2358343588377258734B41C31549' # David Runge <dvzrv@archlinux.org>
|
||||||
)
|
)
|
||||||
sha256sums=('SKIP'
|
sha256sums=('SKIP'
|
||||||
'9f4fda38f1c59f7a20a76eff48a0cb302cb0e8e55bda53ec0f1807e10dcdad3a')
|
'45e84430e2ab74c3854254702a7dd0113b8174ab3496eb4579f198d92220270d')
|
||||||
|
|
||||||
export KBUILD_BUILD_HOST=archlinux
|
export KBUILD_BUILD_HOST=archlinux
|
||||||
export KBUILD_BUILD_USER=$pkgbase
|
export KBUILD_BUILD_USER=$pkgbase
|
||||||
|
|
13
config
13
config
|
@ -10206,8 +10206,18 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||||
CONFIG_SECURITY_LANDLOCK=y
|
CONFIG_SECURITY_LANDLOCK=y
|
||||||
# CONFIG_INTEGRITY is not set
|
CONFIG_INTEGRITY=y
|
||||||
|
CONFIG_INTEGRITY_SIGNATURE=y
|
||||||
|
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||||
|
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
||||||
|
CONFIG_INTEGRITY_PLATFORM_KEYRING=y
|
||||||
|
CONFIG_INTEGRITY_MACHINE_KEYRING=y
|
||||||
|
CONFIG_LOAD_UEFI_KEYS=y
|
||||||
|
CONFIG_INTEGRITY_AUDIT=y
|
||||||
|
# CONFIG_IMA is not set
|
||||||
|
# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
|
||||||
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
|
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
|
||||||
|
# CONFIG_EVM is not set
|
||||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||||
# CONFIG_DEFAULT_SECURITY_SMACK is not set
|
# CONFIG_DEFAULT_SECURITY_SMACK is not set
|
||||||
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
|
||||||
|
@ -10621,6 +10631,7 @@ CONFIG_LRU_CACHE=m
|
||||||
CONFIG_CLZ_TAB=y
|
CONFIG_CLZ_TAB=y
|
||||||
CONFIG_IRQ_POLL=y
|
CONFIG_IRQ_POLL=y
|
||||||
CONFIG_MPILIB=y
|
CONFIG_MPILIB=y
|
||||||
|
CONFIG_SIGNATURE=y
|
||||||
CONFIG_DIMLIB=y
|
CONFIG_DIMLIB=y
|
||||||
CONFIG_OID_REGISTRY=y
|
CONFIG_OID_REGISTRY=y
|
||||||
CONFIG_UCS2_STRING=y
|
CONFIG_UCS2_STRING=y
|
||||||
|
|
Loading…
Reference in New Issue