diff options
author | Dave Heller <hellerda@us.ibm.com> | 2016-06-05 16:39:56 -0400 |
---|---|---|
committer | Dave Heller <hellerda@us.ibm.com> | 2016-06-05 16:39:56 -0400 |
commit | a541bf744d1e1ddf8f30c7848775da5a6f0a3782 (patch) | |
tree | 401456bf39349a3443fcb8d2ef676f7e012aeba2 /openpower/configs/linux/skiroot_defconfig | |
parent | a24eb9843bf0b0f8789042bbc00c464e914e727c (diff) | |
download | blackbird-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.tar.gz blackbird-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.zip |
Enable IMA in skiroot
This adds basic support for the Integrity Measurement Subsystem to the
skiroot kernel.
The changes to skiroot_defconfig are the kernel config options to enable IMA
and the basic security subsystem. The values were obtained by running a make
menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig,
then updating skiroot_defconfig with this result.
The changes to /etc/fstab ensure securityfs is mounted at boot.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Diffstat (limited to 'openpower/configs/linux/skiroot_defconfig')
-rw-r--r-- | openpower/configs/linux/skiroot_defconfig | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig index b76ecb86..231e55a5 100644 --- a/openpower/configs/linux/skiroot_defconfig +++ b/openpower/configs/linux/skiroot_defconfig @@ -157,6 +157,7 @@ CONFIG_HW_RANDOM=y CONFIG_GEN_RTC=y CONFIG_RAW_DRIVER=y CONFIG_MAX_RAW_DEVS=1024 +CONFIG_TCG_TIS_I2C_NUVOTON=y # CONFIG_I2C_COMPAT is not set CONFIG_I2C_CHARDEV=y # CONFIG_I2C_HELPER_AUTO is not set @@ -223,13 +224,13 @@ CONFIG_SCHEDSTATS=y # CONFIG_FTRACE is not set CONFIG_XMON=y CONFIG_XMON_DEFAULT=y +CONFIG_SECURITY=y +CONFIG_IMA=y +CONFIG_EVM=y # CONFIG_CRYPTO_ECHAINIV is not set CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_CMAC=y -CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_MD4=y -CONFIG_CRYPTO_MD5=y -CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_DES=y # CONFIG_CRYPTO_HW is not set |