ACK/APPLIED Re: [B-OEM-OSP1][SRU][PATCH 1/1] UBUNTU: [Config]: enable CONFIG_RANDOM_TRUST_CPU

Timo Aaltonen tjaalton at ubuntu.com
Fri May 24 12:52:28 UTC 2019


On 16.5.2019 6.22, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1828173
> 
> Enable the RANDOM_TRUST_CPU config to met security team's requirement
> for kernel starting from 5.0.0.
> 
> Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
> ---
>  debian.oem-osp1/config/annotations          | 2 +-
>  debian.oem-osp1/config/config.common.ubuntu | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/debian.oem-osp1/config/annotations b/debian.oem-osp1/config/annotations
> index 72ab142..37015dd 100644
> --- a/debian.oem-osp1/config/annotations
> +++ b/debian.oem-osp1/config/annotations
> @@ -455,7 +455,7 @@ CONFIG_CRYPTO_DRBG_HASH                         policy<{'amd64': 'y', 'arm64': '
>  CONFIG_CRYPTO_DRBG_CTR                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
>  
>  # Menu: Device Drivers
> -CONFIG_RANDOM_TRUST_CPU                         policy<{'amd64': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
> +CONFIG_RANDOM_TRUST_CPU                         policy<{'amd64': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
>  CONFIG_CHARLCD                                  policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}>
>  CONFIG_THUNDERBOLT                              policy<{'amd64': 'm', 'i386': 'm'}>
>  CONFIG_TEE                                      policy<{'arm64': 'm', 'armhf': 'm'}>
> diff --git a/debian.oem-osp1/config/config.common.ubuntu b/debian.oem-osp1/config/config.common.ubuntu
> index e819cb1..c476f48 100644
> --- a/debian.oem-osp1/config/config.common.ubuntu
> +++ b/debian.oem-osp1/config/config.common.ubuntu
> @@ -5604,7 +5604,7 @@ CONFIG_RAID_ATTRS=m
>  CONFIG_RANDOMIZE_BASE=y
>  CONFIG_RANDOMIZE_MEMORY=y
>  CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
> -# CONFIG_RANDOM_TRUST_CPU is not set
> +CONFIG_RANDOM_TRUST_CPU=y
>  CONFIG_RAPIDIO=y
>  CONFIG_RAPIDIO_CHMAN=m
>  CONFIG_RAPIDIO_CPS_GEN2=m
> 

thanks, applied to oem-next.. I wonder if there's a tool to catch these?

-- 
t



More information about the kernel-team mailing list