From 1227232298f673f66968199457e1d6684a75ff9b Mon Sep 17 00:00:00 2001
From: Tim Gardner <tim.gardner@canonical.com>
Date: Mon, 28 Nov 2016 12:56:39 -0700
Subject: [PATCH] UBUNTU: [Config] CONFIG_IMA=y

BugLink: http://bugs.launchpad.net/bugs/1643652

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 debian.master/config/amd64/config.common.amd64     |  8 ++++++++
 debian.master/config/arm64/config.common.arm64     |  8 ++++++++
 debian.master/config/armhf/config.common.armhf     |  8 ++++++++
 debian.master/config/config.common.ubuntu          | 13 +++----------
 debian.master/config/i386/config.common.i386       |  8 ++++++++
 debian.master/config/powerpc/config.common.powerpc |  8 ++++++++
 debian.master/config/ppc64el/config.common.ppc64el | 14 +++++++++++---
 debian.master/config/s390x/config.common.s390x     |  8 ++++++++
 8 files changed, 62 insertions(+), 13 deletions(-)

diff --git a/debian.master/config/amd64/config.common.amd64 b/debian.master/config/amd64/config.common.amd64
index 40dca15cba23..f4037900e9a1 100644
--- a/debian.master/config/amd64/config.common.amd64
+++ b/debian.master/config/amd64/config.common.amd64
@@ -138,6 +138,7 @@ CONFIG_EFI=y
 # CONFIG_ENABLE_WARN_DEPRECATED is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -241,6 +242,13 @@ CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
diff --git a/debian.master/config/arm64/config.common.arm64 b/debian.master/config/arm64/config.common.arm64
index d499e2579746..4ea7484d0bf8 100644
--- a/debian.master/config/arm64/config.common.arm64
+++ b/debian.master/config/arm64/config.common.arm64
@@ -152,6 +152,7 @@ CONFIG_EFI=y
 # CONFIG_ENABLE_WARN_DEPRECATED is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -269,6 +270,13 @@ CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMX2_WDT is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
diff --git a/debian.master/config/armhf/config.common.armhf b/debian.master/config/armhf/config.common.armhf
index 53528c1b262a..5709568a74b7 100644
--- a/debian.master/config/armhf/config.common.armhf
+++ b/debian.master/config/armhf/config.common.armhf
@@ -146,6 +146,7 @@ CONFIG_EM_TIMER_STI=y
 # CONFIG_ENABLE_WARN_DEPRECATED is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -253,6 +254,13 @@ CONFIG_IEEE802154_DRIVERS=m
 # CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
 CONFIG_IIO=m
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_IMX2_WDT=m
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 28a8d9c66a2d..71a2d21dadcb 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2289,7 +2289,6 @@ CONFIG_DWMAC_GENERIC=m
 CONFIG_DWMAC_IPQ806X=m
 CONFIG_DWMAC_MESON=m
 CONFIG_DWMAC_ROCKCHIP=m
-CONFIG_DWMAC_STM32=m
 CONFIG_DW_APB_ICTL=y
 CONFIG_DW_APB_TIMER=y
 CONFIG_DW_APB_TIMER_OF=y
@@ -2408,7 +2407,7 @@ CONFIG_EVENT_TRACING=y
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
 CONFIG_EVM_EXTRA_SMACK_XATTRS=y
-# CONFIG_EVM_LOAD_X509 is not set
+CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
 # CONFIG_EXOFS_DEBUG is not set
 CONFIG_EXOFS_FS=m
 CONFIG_EXPERT=y
@@ -3527,23 +3526,18 @@ CONFIG_IIO_TRIGGERED_BUFFER=m
 CONFIG_IIO_TRIGGERED_EVENT=m
 # CONFIG_IKCONFIG is not set
 CONFIG_IMA_APPRAISE=y
+CONFIG_IMA_APPRAISE_SIGNED_INIT=y
 CONFIG_IMA_BLACKLIST_KEYRING=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
 # CONFIG_IMA_DEFAULT_HASH_WP512 is not set
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
-# CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
 CONFIG_IMA_READ_POLICY=y
-# CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 CONFIG_IMA_TRUSTED_KEYRING=y
 CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
 CONFIG_IMG_ASCII_LCD=m
 CONFIG_IMX7D_ADC=m
 CONFIG_IMX_DMA=m
@@ -4847,7 +4841,6 @@ CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_MODULE_SIG_SHA512=y
 CONFIG_MODULE_SIG_UEFI=y
 CONFIG_MODULE_UNLOAD=y
-CONFIG_MODVERSIONS=y
 CONFIG_MONREADER=m
 CONFIG_MONWRITER=m
 CONFIG_MOST=m
diff --git a/debian.master/config/i386/config.common.i386 b/debian.master/config/i386/config.common.i386
index 8220ecd4f6af..e1a8abb95015 100644
--- a/debian.master/config/i386/config.common.i386
+++ b/debian.master/config/i386/config.common.i386
@@ -135,6 +135,7 @@ CONFIG_EFI=y
 # CONFIG_ENABLE_WARN_DEPRECATED is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -238,6 +239,13 @@ CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INPUT=y
diff --git a/debian.master/config/powerpc/config.common.powerpc b/debian.master/config/powerpc/config.common.powerpc
index 8f79d070c5c1..a31fda61b212 100644
--- a/debian.master/config/powerpc/config.common.powerpc
+++ b/debian.master/config/powerpc/config.common.powerpc
@@ -122,6 +122,7 @@ CONFIG_EEPROM_MAX6875=m
 # CONFIG_ENABLE_WARN_DEPRECATED is not set
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_ETHOC=m
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -215,6 +216,13 @@ CONFIG_ICS932S401=m
 CONFIG_IDLE_PAGE_TRACKING=y
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IIO=m
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
diff --git a/debian.master/config/ppc64el/config.common.ppc64el b/debian.master/config/ppc64el/config.common.ppc64el
index c02c65b9410e..b5a414e0f817 100644
--- a/debian.master/config/ppc64el/config.common.ppc64el
+++ b/debian.master/config/ppc64el/config.common.ppc64el
@@ -136,6 +136,7 @@ CONFIG_EEPROM_MAX6875=m
 CONFIG_ENCLOSURE_SERVICES=m
 CONFIG_EPAPR_BOOT=y
 CONFIG_ETHOC=m
+CONFIG_EVM_LOAD_X509=y
 CONFIG_EXT4_FS=y
 CONFIG_EXTCON=y
 CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
@@ -245,6 +246,13 @@ CONFIG_IEEE802154_DRIVERS=m
 # CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
 CONFIG_IIO=m
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha256"
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
+CONFIG_IMA_LOAD_X509=y
+# CONFIG_IMA_NG_TEMPLATE is not set
+CONFIG_IMA_SIG_TEMPLATE=y
 CONFIG_INFINIBAND_NES=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_QIB=m
@@ -647,9 +655,9 @@ CONFIG_SYSFS_SYSCALL=y
 CONFIG_SYSV68_PARTITION=y
 # CONFIG_SYS_HYPERVISOR is not set
 CONFIG_TCG_TIS_CORE=m
-CONFIG_TCG_TIS_I2C_ATMEL=m
-CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
+CONFIG_TCG_TIS_I2C_ATMEL=y
+CONFIG_TCG_TIS_I2C_INFINEON=y
+CONFIG_TCG_TIS_I2C_NUVOTON=y
 CONFIG_TCG_TIS_ST33ZP24_I2C=m
 CONFIG_TERANETICS_PHY=m
 # CONFIG_TEST_BITMAP is not set
diff --git a/debian.master/config/s390x/config.common.s390x b/debian.master/config/s390x/config.common.s390x
index 7ec49a502b16..a853cf7fd353 100644
--- a/debian.master/config/s390x/config.common.s390x
+++ b/debian.master/config/s390x/config.common.s390x
@@ -122,6 +122,7 @@ CONFIG_ENABLE_MUST_CHECK=y
 CONFIG_ENABLE_WARN_DEPRECATED=y
 # CONFIG_ENCLOSURE_SERVICES is not set
 # CONFIG_ETHOC is not set
+# CONFIG_EVM_LOAD_X509 is not set
 CONFIG_EXT4_FS=m
 # CONFIG_EXTCON is not set
 # CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
@@ -207,6 +208,13 @@ CONFIG_I2C=m
 # CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
 # CONFIG_IIO is not set
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+# CONFIG_IMA_LOAD_X509 is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_INFINIBAND_NES is not set
 # CONFIG_INFINIBAND_OCRDMA is not set
 # CONFIG_INFINIBAND_QIB is not set
-- 
2.39.5