ACK: [NOBLE][PATCH] UBUNTU: [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256

Tim Gardner tim.gardner at canonical.com
Mon Oct 30 19:25:43 UTC 2023


On 10/28/23 7:47 PM, Dimitri John Ledkov wrote:
> BugLink: https://bugs.launchpad.net/bugs/2041735
> 
> ppc64el already used sha256, sha256 is accelerated on most arches, and
> is widely used.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---
>   debian.master/config/annotations | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/debian.master/config/annotations b/debian.master/config/annotations
> index eadc277a74..4bc12c10c7 100644
> --- a/debian.master/config/annotations
> +++ b/debian.master/config/annotations
> @@ -261,8 +261,8 @@ CONFIG_IMA_APPRAISE                             note<'LP: #1643652'>
>   CONFIG_IMA_ARCH_POLICY                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>   CONFIG_IMA_ARCH_POLICY                          note<'LP: #1866909'>
>   
> -CONFIG_IMA_DEFAULT_HASH_SHA256                  policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 'riscv64': 'n', 's390x': 'n'}>
> -CONFIG_IMA_DEFAULT_HASH_SHA256                  note<'LP: #1643652'>
> +CONFIG_IMA_DEFAULT_HASH_SHA256                  policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
> +CONFIG_IMA_DEFAULT_HASH_SHA256                  note<'LP: #2041735'>
>   
>   CONFIG_IMA_KEXEC                                policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y'}>
>   CONFIG_IMA_KEXEC                                note<'LP: #1643652'>
> @@ -6184,8 +6184,8 @@ CONFIG_IMA_APPRAISE_BOOTPARAM                   policy<{'amd64': 'y', 'arm64': '
>   CONFIG_IMA_APPRAISE_BUILD_POLICY                policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
>   CONFIG_IMA_APPRAISE_MODSIG                      policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>   CONFIG_IMA_BLACKLIST_KEYRING                    policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
> -CONFIG_IMA_DEFAULT_HASH                         policy<{'amd64': '"sha1"', 'arm64': '"sha1"', 'armhf': '"sha1"', 'ppc64el': '"sha256"', 'riscv64': '"sha1"', 's390x': '"sha1"'}>
> -CONFIG_IMA_DEFAULT_HASH_SHA1                    policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'n', 'riscv64': 'y', 's390x': 'y'}>
> +CONFIG_IMA_DEFAULT_HASH                         policy<{'amd64': '"sha256"', 'arm64': '"sha256"', 'armhf': '"sha256"', 'ppc64el': '"sha256"', 'riscv64': '"sha256"', 's390x': '"sha256"'}>
> +CONFIG_IMA_DEFAULT_HASH_SHA1                    policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
>   CONFIG_IMA_DEFAULT_HASH_SHA512                  policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
>   CONFIG_IMA_DEFAULT_TEMPLATE                     policy<{'amd64': '"ima-ng"', 'arm64': '"ima-ng"', 'armhf': '"ima-ng"', 'ppc64el': '"ima-sig"', 'riscv64': '"ima-ng"', 's390x': '"ima-ng"'}>
>   CONFIG_IMA_DISABLE_HTABLE                       policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc




More information about the kernel-team mailing list