From 991a887da975bd50c50ff4dc2d894275335bf293 Mon Sep 17 00:00:00 2001 From: jc_gargma Date: Sun, 9 Sep 2018 13:23:25 -0700 Subject: Updated to 4.18.7.a | Enable module signature checking with module.sig_enforce=1 on kernel command line. Don't enable with dkms. --- config.x86_64 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'config.x86_64') diff --git a/config.x86_64 b/config.x86_64 index 04f67cf..184f704 100644 --- a/config.x86_64 +++ b/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.6 Kernel Configuration +# Linux/x86 4.18.7 Kernel Configuration # # @@ -379,7 +379,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -9415,7 +9423,7 @@ CONFIG_CRYPTO_SHA1_MB=m CONFIG_CRYPTO_SHA256_MB=m CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m # CONFIG_CRYPTO_SM3 is not set CONFIG_CRYPTO_TGR192=m @@ -9523,6 +9531,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -- cgit v1.2.1