From 22baa65bfdc192573e8235695c015507f2905a79 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 25 Jul 2019 12:40:22 +0100
Subject: [PATCH] IMA: add IMA_KEXEC option, align ppc config to all other
 arches

---
 configs/fedora/generic/powerpc/CONFIG_IMA     | 1 -
 configs/fedora/generic/powerpc/CONFIG_TCG_TPM | 1 -
 kernel-aarch64-debug.config                   | 1 +
 kernel-aarch64.config                         | 1 +
 kernel-armv7hl-debug.config                   | 1 +
 kernel-armv7hl-lpae-debug.config              | 1 +
 kernel-armv7hl-lpae.config                    | 1 +
 kernel-armv7hl.config                         | 1 +
 kernel-i686-debug.config                      | 1 +
 kernel-i686.config                            | 1 +
 kernel-ppc64le-debug.config                   | 5 +++--
 kernel-ppc64le.config                         | 5 +++--
 kernel-s390x-debug.config                     | 1 +
 kernel-s390x.config                           | 1 +
 kernel-x86_64-debug.config                    | 1 +
 kernel-x86_64.config                          | 1 +
 16 files changed, 18 insertions(+), 6 deletions(-)
 delete mode 100644 configs/fedora/generic/powerpc/CONFIG_IMA
 delete mode 100644 configs/fedora/generic/powerpc/CONFIG_TCG_TPM

diff --git a/configs/fedora/generic/powerpc/CONFIG_IMA b/configs/fedora/generic/powerpc/CONFIG_IMA
deleted file mode 100644
index 83a06345b..000000000
--- a/configs/fedora/generic/powerpc/CONFIG_IMA
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_IMA is not set
diff --git a/configs/fedora/generic/powerpc/CONFIG_TCG_TPM b/configs/fedora/generic/powerpc/CONFIG_TCG_TPM
deleted file mode 100644
index c547d097c..000000000
--- a/configs/fedora/generic/powerpc/CONFIG_TCG_TPM
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_TCG_TPM is not set
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index c745b146f..c961c5d83 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -2415,6 +2415,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index 192df9033..ce0c36483 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -2399,6 +2399,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index cec2b9ac1..4ff01777b 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -2445,6 +2445,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 66160f1e2..475f51a90 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -2362,6 +2362,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index bbb6e342d..575fc03d4 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -2347,6 +2347,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 83c2017e0..e490a2fff 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -2430,6 +2430,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index 1ad12cade..674b21712 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -2162,6 +2162,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-i686.config b/kernel-i686.config
index 47cb8efba..a8316dc35 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2145,6 +2145,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 6d5a7c928..5bb309d73 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -1968,7 +1968,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
-# CONFIG_IMA is not set
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
@@ -1977,6 +1977,7 @@ CONFIG_IMA_READ_POLICY=y
 # CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
 # CONFIG_IMG_ASCII_LCD is not set
 # CONFIG_INA2XX_ADC is not set
 CONFIG_INET6_AH=m
@@ -5274,7 +5275,7 @@ CONFIG_TCG_NSC=m
 # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
 CONFIG_TCG_TIS=y
-# CONFIG_TCG_TPM is not set
+CONFIG_TCG_TPM=y
 CONFIG_TCG_VTPM_PROXY=m
 # CONFIG_TCG_XEN is not set
 CONFIG_TCM_FC=m
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index a06cc62d2..d1118e8b0 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -1951,7 +1951,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
-# CONFIG_IMA is not set
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
@@ -1960,6 +1960,7 @@ CONFIG_IMA_READ_POLICY=y
 # CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA=y
 # CONFIG_IMG_ASCII_LCD is not set
 # CONFIG_INA2XX_ADC is not set
 CONFIG_INET6_AH=m
@@ -5251,7 +5252,7 @@ CONFIG_TCG_NSC=m
 # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
 # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
 CONFIG_TCG_TIS=y
-# CONFIG_TCG_TPM is not set
+CONFIG_TCG_TPM=y
 CONFIG_TCG_VTPM_PROXY=m
 # CONFIG_TCG_XEN is not set
 CONFIG_TCM_FC=m
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index e59d32127..18e189b1d 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -1946,6 +1946,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 45076e6f7..d4f7bec16 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -1929,6 +1929,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 7da3fc7ae..34fc2baa3 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -2205,6 +2205,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 47475f7f7..cb5e5abfd 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -2188,6 +2188,7 @@ CONFIG_IKHEADERS=m
 # CONFIG_IMA_ARCH_POLICY is not set
 # CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
 CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_KEXEC=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10