ACK/APPLIED Re: [B-OEM-OSP1][SRU][PATCH 1/1] UBUNTU: [Config]: enable CONFIG_RANDOM_TRUST_CPU
Po-Hsu Lin
po-hsu.lin at canonical.com
Tue May 28 11:35:32 UTC 2019
On Fri, May 24, 2019 at 8:52 PM Timo Aaltonen <tjaalton at ubuntu.com> wrote:
>
> On 16.5.2019 6.22, Po-Hsu Lin wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1828173
> >
> > Enable the RANDOM_TRUST_CPU config to met security team's requirement
> > for kernel starting from 5.0.0.
> >
> > Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
> > ---
> > debian.oem-osp1/config/annotations | 2 +-
> > debian.oem-osp1/config/config.common.ubuntu | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/debian.oem-osp1/config/annotations b/debian.oem-osp1/config/annotations
> > index 72ab142..37015dd 100644
> > --- a/debian.oem-osp1/config/annotations
> > +++ b/debian.oem-osp1/config/annotations
> > @@ -455,7 +455,7 @@ CONFIG_CRYPTO_DRBG_HASH policy<{'amd64': 'y', 'arm64': '
> > CONFIG_CRYPTO_DRBG_CTR policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> >
> > # Menu: Device Drivers
> > -CONFIG_RANDOM_TRUST_CPU policy<{'amd64': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
> > +CONFIG_RANDOM_TRUST_CPU policy<{'amd64': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
> > CONFIG_CHARLCD policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}>
> > CONFIG_THUNDERBOLT policy<{'amd64': 'm', 'i386': 'm'}>
> > CONFIG_TEE policy<{'arm64': 'm', 'armhf': 'm'}>
> > diff --git a/debian.oem-osp1/config/config.common.ubuntu b/debian.oem-osp1/config/config.common.ubuntu
> > index e819cb1..c476f48 100644
> > --- a/debian.oem-osp1/config/config.common.ubuntu
> > +++ b/debian.oem-osp1/config/config.common.ubuntu
> > @@ -5604,7 +5604,7 @@ CONFIG_RAID_ATTRS=m
> > CONFIG_RANDOMIZE_BASE=y
> > CONFIG_RANDOMIZE_MEMORY=y
> > CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
> > -# CONFIG_RANDOM_TRUST_CPU is not set
> > +CONFIG_RANDOM_TRUST_CPU=y
> > CONFIG_RAPIDIO=y
> > CONFIG_RAPIDIO_CHMAN=m
> > CONFIG_RAPIDIO_CPS_GEN2=m
> >
>
> thanks, applied to oem-next.. I wonder if there's a tool to catch these?
>
We run the test-kernel-security.py for this from qa-regression-testing,
which can be obtained from git://git.launchpad.net/qa-regression-testing
Or if you want this to be handled with the autotest framework like in
the SRU regression-testing:
sudo apt-get install git python-minimal python-yaml gdb -y
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E
autotest/client/autotest-local --verbose
autotest/client/tests/ubuntu_qrt_kernel_security/control
> --
> t
More information about the kernel-team
mailing list