diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2018-09-09 13:23:25 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2018-09-09 13:23:25 -0700 |
commit | 991a887da975bd50c50ff4dc2d894275335bf293 (patch) | |
tree | d76a5a3383912c8bb4e12813741f5d3ab30a888f /config.x86_64 | |
parent | Updated to 4.18.6.a (diff) | |
download | linux-hardened-ck-991a887da975bd50c50ff4dc2d894275335bf293.tar.xz |
Updated to 4.18.7.a | Enable module signature checking with module.sig_enforce=1 on kernel command line. Don't enable with dkms.
Diffstat (limited to 'config.x86_64')
-rw-r--r-- | config.x86_64 | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/config.x86_64 b/config.x86_64 index 04f67cf..184f704 100644 --- a/config.x86_64 +++ b/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.6 Kernel Configuration +# Linux/x86 4.18.7 Kernel Configuration # # @@ -379,7 +379,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -9415,7 +9423,7 @@ CONFIG_CRYPTO_SHA1_MB=m CONFIG_CRYPTO_SHA256_MB=m CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m # CONFIG_CRYPTO_SM3 is not set CONFIG_CRYPTO_TGR192=m @@ -9523,6 +9531,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set |