[NOBLE][PATCH] UBUNTU: [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Sun Oct 29 01:47:07 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2041735
ppc64el already used sha256, sha256 is accelerated on most arches, and
is widely used.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
debian.master/config/annotations | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index eadc277a74..4bc12c10c7 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -261,8 +261,8 @@ CONFIG_IMA_APPRAISE note<'LP: #1643652'>
CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
CONFIG_IMA_ARCH_POLICY note<'LP: #1866909'>
-CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 'riscv64': 'n', 's390x': 'n'}>
-CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #1643652'>
+CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
+CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #2041735'>
CONFIG_IMA_KEXEC policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y'}>
CONFIG_IMA_KEXEC note<'LP: #1643652'>
@@ -6184,8 +6184,8 @@ CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': '
CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
CONFIG_IMA_BLACKLIST_KEYRING policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
-CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha1"', 'arm64': '"sha1"', 'armhf': '"sha1"', 'ppc64el': '"sha256"', 'riscv64': '"sha1"', 's390x': '"sha1"'}>
-CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'n', 'riscv64': 'y', 's390x': 'y'}>
+CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha256"', 'arm64': '"sha256"', 'armhf': '"sha256"', 'ppc64el': '"sha256"', 'riscv64': '"sha256"', 's390x': '"sha256"'}>
+CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_IMA_DEFAULT_HASH_SHA512 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_IMA_DEFAULT_TEMPLATE policy<{'amd64': '"ima-ng"', 'arm64': '"ima-ng"', 'armhf': '"ima-ng"', 'ppc64el': '"ima-sig"', 'riscv64': '"ima-ng"', 's390x': '"ima-ng"'}>
CONFIG_IMA_DISABLE_HTABLE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
--
2.34.1
More information about the kernel-team
mailing list