From 457c8e99e46ba0045c0f23e45fd3d67d45c3faee Mon Sep 17 00:00:00 2001
From: Evgenii Shatokhin
Date: Tue, 26 Jul 2016 12:54:15 +0300
Subject: [PATCH] Enabled INTEGRITY and IMA

This helps unify the kernels for the ordinary systems and for the certified systems a bit more.
---
 kernel-i586.config | 19 +++++++++++++++++--
 kernel-x86_64.config | 19 +++++++++++++++++--
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/kernel-i586.config b/kernel-i586.config
index aa2a00b..a31e783 100644
--- a/kernel-i586.config
+++ b/kernel-i586.config
@@ -8084,7 +8084,22 @@ CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
 CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_YAMA is not set
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
+# CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not set
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_IMA=y
+# CONFIG_IMA_TEMPLATE is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
+# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
+# CONFIG_EVM is not set
+# CONFIG_IMA_APPRAISE is not set
+# CONFIG_IMA_WRITE_POLICY is not set
+# CONFIG_IMA_READ_POLICY is not set
 CONFIG_DEFAULT_SECURITY_TOMOYO=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
 CONFIG_DEFAULT_SECURITY="tomoyo"
@@ -8268,7 +8283,7 @@ CONFIG_VIRTUALIZATION=y
 CONFIG_KVM=m
 CONFIG_KVM_INTEL=m
 CONFIG_KVM_AMD=m
-# CONFIG_KVM_MMU_AUDIT is not set
+CONFIG_KVM_MMU_AUDIT=y
 CONFIG_KVM_DEVICE_ASSIGNMENT=y
 CONFIG_LGUEST=m
 CONFIG_BINARY_PRINTF=y
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index b19d795..a65d753 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
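Review bot: `CONFIG_IMA_DEFAULT_HASH_SHA1=y` in the kernel-i586.config hunk at @@ -8084 makes SHA-1 the default digest for IMA file measurements, although the same hunk lists `CONFIG_IMA_DEFAULT_HASH_SHA256` and the selected ima-ng template is not limited to SHA-1-sized digests. I would set `CONFIG_IMA_DEFAULT_HASH_SHA256=y` and `# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set`, so that measurement lists do not depend on a collision-weak hash; the identical hunk in kernel-x86_64.config (@@ -7884) needs the same change. Separately, `CONFIG_IMA_APPRAISE`, `CONFIG_EVM` and `CONFIG_INTEGRITY_SIGNATURE` stay off, so this build can measure and audit but cannot enforce file integrity. If that is the intended split between ordinary and certified kernels, the description should say so.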
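Review bot: `CONFIG_KVM_MMU_AUDIT=y` in the kernel-i586.config hunk at @@ -8268 is not covered by the subject or description, which mention only INTEGRITY and IMA. It is a KVM debugging facility, not part of the integrity subsystem, so it belongs in its own commit or needs a sentence explaining why the unified kernel wants it. The same switch is flipped in kernel-x86_64.config (@@ -8087). If it only came in as a side effect of regenerating the config, I would restore `# CONFIG_KVM_MMU_AUDIT is not set` in both files.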
@@ -7884,7 +7884,22 @@ CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
 CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 # CONFIG_SECURITY_APPARMOR is not set
 # CONFIG_SECURITY_YAMA is not set
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
+# CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not set
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_IMA=y
+# CONFIG_IMA_TEMPLATE is not set
+CONFIG_IMA_NG_TEMPLATE=y
+# CONFIG_IMA_SIG_TEMPLATE is not set
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
+# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
+# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
+# CONFIG_EVM is not set
+# CONFIG_IMA_APPRAISE is not set
+# CONFIG_IMA_WRITE_POLICY is not set
+# CONFIG_IMA_READ_POLICY is not set
 CONFIG_DEFAULT_SECURITY_TOMOYO=y
 # CONFIG_DEFAULT_SECURITY_DAC is not set
 CONFIG_DEFAULT_SECURITY="tomoyo"
@@ -8087,7 +8102,7 @@ CONFIG_VIRTUALIZATION=y
 CONFIG_KVM=m
 CONFIG_KVM_INTEL=m
 CONFIG_KVM_AMD=m
-# CONFIG_KVM_MMU_AUDIT is not set
+CONFIG_KVM_MMU_AUDIT=y
 CONFIG_KVM_DEVICE_ASSIGNMENT=y
 CONFIG_BINARY_PRINTF=y