ima: enable system extra cert to enable adding an extra cert without needing custom kernels

This commit is contained in:
Peter Robinson 2020-01-29 13:15:29 +00:00
parent 92ebc5dd37
commit 4f983e9658
16 changed files with 30 additions and 15 deletions

View File

@ -1 +1 @@
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE=y

View File

@ -0,0 +1 @@
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096

View File

@ -6348,7 +6348,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYS_HYPERVISOR is not set # CONFIG_SYS_HYPERVISOR is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -6326,7 +6326,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYS_HYPERVISOR is not set # CONFIG_SYS_HYPERVISOR is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -6577,7 +6577,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -6556,7 +6556,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -6329,7 +6329,8 @@ CONFIG_SYSCTL=y
CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -6308,7 +6308,8 @@ CONFIG_SYSCTL=y
CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5722,7 +5722,8 @@ CONFIG_SYSCTL=y
CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM76_ACPI=m
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5701,7 +5701,8 @@ CONFIG_SYSCTL=y
CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM76_ACPI=m
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5340,7 +5340,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5317,7 +5317,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5275,7 +5275,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5252,7 +5252,8 @@ CONFIG_SYSCTL=y
# CONFIG_SYSFS_DEPRECATED is not set # CONFIG_SYSFS_DEPRECATED is not set
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5776,7 +5776,8 @@ CONFIG_SYSCTL=y
CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM76_ACPI=m
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""

View File

@ -5755,7 +5755,8 @@ CONFIG_SYSCTL=y
CONFIG_SYSTEM76_ACPI=m CONFIG_SYSTEM76_ACPI=m
CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
# CONFIG_SYSTEMPORT is not set # CONFIG_SYSTEMPORT is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYS=""