IMA: change default hash from sha1 to sha256, the later is more secuure and hence should be the default

2019-07-17 11:09:36 +01:00 · 2019-07-17 11:09:36 +01:00 · 9311d0121a
commit 9311d0121a
parent 5c2ab4e801
16 changed files with 30 additions and 30 deletions
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA1
@ -1 +1 @@
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
--- a/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
+++ b/configs/fedora/generic/CONFIG_IMA_DEFAULT_HASH_SHA256
@ -1 +1 @@
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@ -2432,8 +2432,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@ -2416,8 +2416,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@ -2463,8 +2463,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@ -2381,8 +2381,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@ -2366,8 +2366,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@ -2448,8 +2448,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@ -2184,8 +2184,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-i686.config
+++ b/kernel-i686.config
@ -2167,8 +2167,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@ -1992,8 +1992,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@ -1975,8 +1975,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 # CONFIG_IMA is not set
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@ -1972,8 +1972,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@ -1955,8 +1955,8 @@ CONFIG_IIO_TRIGGER=y
 # CONFIG_IKCONFIG is not set
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@ -2228,8 +2228,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@ -2211,8 +2211,8 @@ CONFIG_IIO_TRIGGER=y
 CONFIG_IKHEADERS=m
 # CONFIG_IMA_APPRAISE is not set
 # CONFIG_IMA_ARCH_POLICY is not set
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10