Bug#869565: Please enable IMA signature validation

To: submit@bugs.debian.org
Subject: Bug#869565: Please enable IMA signature validation
From: Matthew Garrett <mjg59@google.com>
Date: Mon, 24 Jul 2017 12:50:41 +0100
Message-id: <[🔎] CACdnJuu3GGZDA4Nr7aUwEHF5v2xytXR-LOnz_tn7T+WyXKxiQg@mail.gmail.com>
Reply-to: Matthew Garrett <mjg59@google.com>, 869565@bugs.debian.org

Package: linux
Severity: wishlist

IMA signature validation allows systems to be configured to refuse to
run binaries that don't have valid matching IMA signatures. This does
nothing unless a corresponding policy is loaded.

diff --git a/debian/config/config b/debian/config/config
index 632d3b402..0289bdafe 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -7091,7 +7091,8 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 ## file: security/integrity/Kconfig
 ##
 CONFIG_INTEGRITY=y
-# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_AUDIT=y

 ##

Reply to:

Prev by Date: Processed: Re: Bug#869511: linux: binNMU-unsafe dependency on linux-headers-*-common
Next by Date: Bug#852324: Upgrade from Jessie to Stretch 9.1 and caught same error
Previous by thread: Processed: block 866389 with 869433 869511
Next by thread: Bug#852324: Upgrade from Jessie to Stretch 9.1 and caught same error
Index(es):
- Date
- Thread