From 691a6a34bde5f7a140965a67d10c4e5a3976f5c5 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 28 Oct 2019 15:09:50 +0000 Subject: [PATCH] Enable FS_VERITY (rhbz 1765933) Signed-off-by: Jeremy Cline --- configs/fedora/generic/CONFIG_FS_VERITY | 2 +- configs/fedora/generic/CONFIG_FS_VERITY_BUILTIN_SIGNATURES | 1 + configs/fedora/generic/CONFIG_FS_VERITY_DEBUG | 1 + kernel-aarch64-debug.config | 4 +++- kernel-aarch64.config | 4 +++- kernel-armv7hl-debug.config | 4 +++- kernel-armv7hl-lpae-debug.config | 4 +++- kernel-armv7hl-lpae.config | 4 +++- kernel-armv7hl.config | 4 +++- kernel-i686-debug.config | 4 +++- kernel-i686.config | 4 +++- kernel-ppc64le-debug.config | 4 +++- kernel-ppc64le.config | 4 +++- kernel-s390x-debug.config | 4 +++- kernel-s390x.config | 4 +++- kernel-x86_64-debug.config | 4 +++- kernel-x86_64.config | 4 +++- 17 files changed, 45 insertions(+), 15 deletions(-) create mode 100644 configs/fedora/generic/CONFIG_FS_VERITY_BUILTIN_SIGNATURES create mode 100644 configs/fedora/generic/CONFIG_FS_VERITY_DEBUG diff --git a/configs/fedora/generic/CONFIG_FS_VERITY b/configs/fedora/generic/CONFIG_FS_VERITY index 1c1298830..962866cac 100644 --- a/configs/fedora/generic/CONFIG_FS_VERITY +++ b/configs/fedora/generic/CONFIG_FS_VERITY @@ -1 +1 @@ -# CONFIG_FS_VERITY is not set +CONFIG_FS_VERITY=y diff --git a/configs/fedora/generic/CONFIG_FS_VERITY_BUILTIN_SIGNATURES b/configs/fedora/generic/CONFIG_FS_VERITY_BUILTIN_SIGNATURES new file mode 100644 index 000000000..a9cb95904 --- /dev/null +++ b/configs/fedora/generic/CONFIG_FS_VERITY_BUILTIN_SIGNATURES @@ -0,0 +1 @@ +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set diff --git a/configs/fedora/generic/CONFIG_FS_VERITY_DEBUG b/configs/fedora/generic/CONFIG_FS_VERITY_DEBUG new file mode 100644 index 000000000..5d654c77b --- /dev/null +++ b/configs/fedora/generic/CONFIG_FS_VERITY_DEBUG @@ -0,0 +1 @@ +# CONFIG_FS_VERITY_DEBUG is not set diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index 580becdbc..25917ed7c 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -1942,7 +1942,9 @@ CONFIG_FSL_QDMA=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 20e90a894..aaa967b28 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -1926,7 +1926,9 @@ CONFIG_FSL_QDMA=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 4430182ef..d7d7a9f0a 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -1959,7 +1959,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 2bfe66a05..adda1dc48 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -1897,7 +1897,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 44c6cd561..b37885256 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -1882,7 +1882,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 7df7f09aa..6e8ea6ec9 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -1944,7 +1944,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_XGMAC_MDIO is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 0eefe0d84..7ef076f36 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -1681,7 +1681,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-i686.config b/kernel-i686.config index 2e713d6a1..597f8233c 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -1664,7 +1664,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 94deaadcf..f3db93aef 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -1533,7 +1533,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 0072892fb..0b4218515 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -1516,7 +1516,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index a2e626bc6..c5e323fc7 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -1533,7 +1533,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-s390x.config b/kernel-s390x.config index 42de90f4b..e61d0d588 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -1516,7 +1516,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index b0e6606f6..c1cc5697b 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -1717,7 +1717,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 4b3194369..25e8456ad 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -1700,7 +1700,9 @@ CONFIG_FSI_SCOM=m # CONFIG_FSL_QDMA is not set CONFIG_FS_MBCACHE=y CONFIG_FSNOTIFY=y -# CONFIG_FS_VERITY is not set +# CONFIG_FS_VERITY_BUILTIN_SIGNATURES is not set +# CONFIG_FS_VERITY_DEBUG is not set +CONFIG_FS_VERITY=y # CONFIG_FTL is not set CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set