| Joel Stanley | 0b31494 | 2020-01-02 18:37:13 +1100 | [diff] [blame] | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Joel Stanley <joel@jms.id.au> |
| 3 | Date: Thu, 2 Jan 2020 17:32:11 +1100 |
| 4 | Subject: [PATCH 3/4] powerpc/config: Enable secuity features in skiroot |
| 5 | |
| 6 | This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and |
| 7 | FORTIFY_SOURCE. |
| 8 | |
| 9 | It also enables SECURITY_LOCKDOWN_LSM with _EARLY and |
| 10 | LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY options enabled. |
| 11 | |
| 12 | Signed-off-by: Joel Stanley <joel@jms.id.au> |
| 13 | --- |
| 14 | arch/powerpc/configs/skiroot_defconfig | 13 ++++++++++++- |
| 15 | 1 file changed, 12 insertions(+), 1 deletion(-) |
| 16 | |
| 17 | diff --git a/arch/powerpc/configs/skiroot_defconfig b/arch/powerpc/configs/skiroot_defconfig |
| 18 | index 1e18454083ff..bbd30eb1482e 100644 |
| 19 | --- a/arch/powerpc/configs/skiroot_defconfig |
| 20 | +++ b/arch/powerpc/configs/skiroot_defconfig |
| 21 | @@ -33,7 +33,6 @@ CONFIG_JUMP_LABEL=y |
| 22 | CONFIG_STRICT_KERNEL_RWX=y |
| 23 | CONFIG_MODULES=y |
| 24 | CONFIG_MODULE_UNLOAD=y |
| 25 | -CONFIG_MODULE_SIG=y |
| 26 | CONFIG_MODULE_SIG_FORCE=y |
| 27 | CONFIG_MODULE_SIG_SHA512=y |
| 28 | CONFIG_PARTITION_ADVANCED=y |
| 29 | @@ -278,6 +277,18 @@ CONFIG_NLS_CODEPAGE_437=y |
| 30 | CONFIG_NLS_ASCII=y |
| 31 | CONFIG_NLS_ISO8859_1=y |
| 32 | CONFIG_NLS_UTF8=y |
| 33 | +CONFIG_ENCRYPTED_KEYS=y |
| 34 | +CONFIG_SECURITY=y |
| 35 | +CONFIG_HARDENED_USERCOPY=y |
| 36 | +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set |
| 37 | +CONFIG_HARDENED_USERCOPY_PAGESPAN=y |
| 38 | +CONFIG_FORTIFY_SOURCE=y |
| 39 | +CONFIG_SECURITY_LOCKDOWN_LSM=y |
| 40 | +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y |
| 41 | +CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY=y |
| 42 | +# CONFIG_INTEGRITY is not set |
| 43 | +CONFIG_LSM="yama,loadpin,safesetid,integrity" |
| 44 | +# CONFIG_CRYPTO_HW is not set |
| 45 | CONFIG_CRC16=y |
| 46 | CONFIG_CRC_ITU_T=y |
| 47 | CONFIG_LIBCRC32C=y |