From 8cfc5d2e0ae5a0141b1fea10f8b4d4f3efed9915 Mon Sep 17 00:00:00 2001 From: Guangyu Sun Date: Thu, 2 Apr 2015 10:27:37 -0700 Subject: [PATCH] uek-rpm: onfig: enable some secure boot features Orabug: 21539498 Signed-off-by: Guangyu Sun Signed-off-by: Santosh Shilimkar --- uek-rpm/ol6/config-x86_64 | 5 +++++ uek-rpm/ol6/config-x86_64-debug | 5 +++++ uek-rpm/ol7/config-x86_64 | 5 +++++ uek-rpm/ol7/config-x86_64-debug | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/uek-rpm/ol6/config-x86_64 b/uek-rpm/ol6/config-x86_64 index 3990899b049a..2716df721960 100644 --- a/uek-rpm/ol6/config-x86_64 +++ b/uek-rpm/ol6/config-x86_64 @@ -323,6 +323,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -332,6 +333,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y +CONFIG_MODULE_SIG_UEFI=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set @@ -571,6 +573,7 @@ CONFIG_X86_INTEL_MPX=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y +CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -5994,6 +5997,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_SECURELEVEL=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_SECURITY_SELINUX=y @@ -6193,6 +6197,7 @@ CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_EFI_SIGNATURE_LIST_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=m CONFIG_PKCS7_TEST_KEY=m CONFIG_HAVE_KVM=y diff --git a/uek-rpm/ol6/config-x86_64-debug b/uek-rpm/ol6/config-x86_64-debug index f98d4125b685..1b88cd8aaec3 100644 --- a/uek-rpm/ol6/config-x86_64-debug +++ b/uek-rpm/ol6/config-x86_64-debug @@ -313,6 +313,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -322,6 +323,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y +CONFIG_MODULE_SIG_UEFI=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set @@ -556,6 +558,7 @@ CONFIG_X86_INTEL_MPX=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y +CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -6015,6 +6018,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_SECURELEVEL=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_SECURITY_SELINUX=y @@ -6214,6 +6218,7 @@ CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_EFI_SIGNATURE_LIST_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=m CONFIG_PKCS7_TEST_KEY=m CONFIG_HAVE_KVM=y diff --git a/uek-rpm/ol7/config-x86_64 b/uek-rpm/ol7/config-x86_64 index a5ce7b59610b..5addb77112d4 100644 --- a/uek-rpm/ol7/config-x86_64 +++ b/uek-rpm/ol7/config-x86_64 @@ -323,6 +323,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -332,6 +333,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y +CONFIG_MODULE_SIG_UEFI=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set @@ -573,6 +575,7 @@ CONFIG_X86_INTEL_MPX=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y +CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -6146,6 +6149,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_SECURELEVEL=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_SECURITY_SELINUX=y @@ -6349,6 +6353,7 @@ CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_EFI_SIGNATURE_LIST_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=y CONFIG_PKCS7_TEST_KEY=y CONFIG_SIGNED_PE_FILE_VERIFICATION=y diff --git a/uek-rpm/ol7/config-x86_64-debug b/uek-rpm/ol7/config-x86_64-debug index ae911c943209..44dc0335aea5 100644 --- a/uek-rpm/ol7/config-x86_64-debug +++ b/uek-rpm/ol7/config-x86_64-debug @@ -313,6 +313,7 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_SLABINFO=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y @@ -322,6 +323,7 @@ CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y +CONFIG_MODULE_SIG_UEFI=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set @@ -558,6 +560,7 @@ CONFIG_X86_INTEL_MPX=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y +CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -6165,6 +6168,7 @@ CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set +CONFIG_SECURITY_SECURELEVEL=y CONFIG_INTEL_TXT=y CONFIG_LSM_MMAP_MIN_ADDR=65535 CONFIG_SECURITY_SELINUX=y @@ -6368,6 +6372,7 @@ CONFIG_ASYMMETRIC_KEY_TYPE=y CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y CONFIG_PUBLIC_KEY_ALGO_RSA=y CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_EFI_SIGNATURE_LIST_PARSER=y CONFIG_PKCS7_MESSAGE_PARSER=y CONFIG_PKCS7_TEST_KEY=y CONFIG_SIGNED_PE_FILE_VERIFICATION=y -- 2.50.1