From 991a887da975bd50c50ff4dc2d894275335bf293 Mon Sep 17 00:00:00 2001 From: jc_gargma Date: Sun, 9 Sep 2018 13:23:25 -0700 Subject: Updated to 4.18.7.a | Enable module signature checking with module.sig_enforce=1 on kernel command line. Don't enable with dkms. --- PKGBUILD | 8 ++++---- config.x86_64 | 15 ++++++++++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/PKGBUILD b/PKGBUILD index d9f5247..2b9593b 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -6,7 +6,7 @@ pkgbase=linux-hardened-ck _majver=4.18 -_minver=6 +_minver=7 _pkgver=${_majver}.${_minver} _hardenedver=a _NUMAdisable=y @@ -44,15 +44,15 @@ source=(https://www.kernel.org/pub/linux/kernel/v4.x/linux-${_pkgver}.tar.xz drm-i915-Increase-LSPCON-timeout.patch HID-core-fix-grouping-by-application.patch ) -sha256sums=('05db97fd6891217af6d4203bdc442ef2af78d7902b6a8e9bd348682704c22894' +sha256sums=('f03b425e262a71e5079736706233a4e9afaf77c8462b552b4d6db2d33f5af731' 'SKIP' - 'd3a244e228a566d536a26fcfe57252bb6e9b61c0f070ef4bb9eaad868196bef3' + '7d716cdb26f3437660b807d68acc0406a2ba9dba59c62388d65373a19477f7ac' 'SKIP' 'cb33bfe492aeef9b1fda8d448483a7ef3d3fe27448e2114a775b25beb1bd8830' '6e1f3cc3eb9a1e30a69ef1999f9aa6ad7f2f9fe4af7ba5dabe25d4ff19ee6740' '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d' 'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503' - 'a931a1f073deada7c51ae54d8a12b3fc49c2f0b6b6bc5b6673bf634ec6f0e025' + '0a51d3ec9e6500239b057f1519356de0763a70949a5a568258b1099725cb3de3' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' diff --git a/config.x86_64 b/config.x86_64 index 04f67cf..184f704 100644 --- a/config.x86_64 +++ b/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.6 Kernel Configuration +# Linux/x86 4.18.7 Kernel Configuration # # @@ -379,7 +379,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -9415,7 +9423,7 @@ CONFIG_CRYPTO_SHA1_MB=m CONFIG_CRYPTO_SHA256_MB=m CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m # CONFIG_CRYPTO_SM3 is not set CONFIG_CRYPTO_TGR192=m @@ -9523,6 +9531,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -- cgit v1.2.1