kernel: enable and enforce signed kernel modules

[ipfire-2.x.git] / config / kernel / kernel.config.aarch64-ipfire

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index e79403bc77812e09151b734f069e94f414da75aa..32ad2df0711783eed82d8f7d55f79ee913d64408 100644 (file)
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.154-ipfire Kernel Configuration
+# Linux/arm64 4.14.166-ipfire Kernel Configuration
 #
 CONFIG_ARM64=y
 CONFIG_64BIT=y
@@ -221,7 +221,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
 # CONFIG_PROFILING is not set
 CONFIG_TRACEPOINTS=y
 # CONFIG_KPROBES is not set
@@ -306,7 +306,15 @@ CONFIG_MODULE_UNLOAD=y
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 CONFIG_MODVERSIONS=y
 CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
 CONFIG_MODULE_COMPRESS=y
 # CONFIG_MODULE_COMPRESS_GZIP is not set
 CONFIG_MODULE_COMPRESS_XZ=y
@@ -369,6 +377,7 @@ CONFIG_MQ_IOSCHED_KYBER=y
 CONFIG_IOSCHED_BFQ=y
 CONFIG_BFQ_GROUP_IOSCHED=y
 CONFIG_PADATA=y
+CONFIG_ASN1=y
 CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
 CONFIG_INLINE_READ_UNLOCK=y
 CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -2065,6 +2074,7 @@ CONFIG_ACENIC=m
 # CONFIG_ACENIC_OMIT_TIGON_I is not set
 CONFIG_ALTERA_TSE=m
 CONFIG_NET_VENDOR_AMAZON=y
+CONFIG_ENA_ETHERNET=m
 CONFIG_NET_VENDOR_AMD=y
 CONFIG_AMD8111_ETH=m
 CONFIG_PCNET32=m
@@ -6609,6 +6619,7 @@ CONFIG_CRYPTO=y
 #
 # Crypto core or helper
 #
+# CONFIG_CRYPTO_FIPS is not set
 CONFIG_CRYPTO_ALGAPI=y
 CONFIG_CRYPTO_ALGAPI2=y
 CONFIG_CRYPTO_AEAD=y
@@ -6621,10 +6632,11 @@ CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AKCIPHER=y
 CONFIG_CRYPTO_KPP2=y
 CONFIG_CRYPTO_KPP=m
 CONFIG_CRYPTO_ACOMP2=y
-# CONFIG_CRYPTO_RSA is not set
+CONFIG_CRYPTO_RSA=y
 # CONFIG_CRYPTO_DH is not set
 CONFIG_CRYPTO_ECDH=m
 CONFIG_CRYPTO_MANAGER=y
@@ -6741,6 +6753,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
 CONFIG_CRYPTO_USER_API_SKCIPHER=y
 # CONFIG_CRYPTO_USER_API_RNG is not set
 # CONFIG_CRYPTO_USER_API_AEAD is not set
+CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HW=y
 # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set
 # CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set
@@ -6751,11 +6764,21 @@ CONFIG_CRYPTO_DEV_ROCKCHIP=y
 # CONFIG_CRYPTO_DEV_CHELSIO is not set
 CONFIG_CRYPTO_DEV_VIRTIO=m
 # CONFIG_CRYPTO_DEV_SAFEXCEL is not set
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+CONFIG_PKCS7_TEST_KEY=m
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
 
 #
 # Certificates for signature checking
 #
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
 # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # CONFIG_ARM64_CRYPTO is not set
 CONFIG_BINARY_PRINTF=y
@@ -6831,11 +6854,13 @@ CONFIG_DQL=y
 CONFIG_GLOB=y
 # CONFIG_GLOB_SELFTEST is not set
 CONFIG_NLATTR=y
+CONFIG_CLZ_TAB=y
 CONFIG_CORDIC=m
 CONFIG_DDR=y
 CONFIG_IRQ_POLL=y
+CONFIG_MPILIB=y
 CONFIG_LIBFDT=y
-CONFIG_OID_REGISTRY=m
+CONFIG_OID_REGISTRY=y
 CONFIG_UCS2_STRING=y
 CONFIG_FONT_SUPPORT=y
 # CONFIG_FONTS is not set