Message ID | 20231029014707.264476-1-dimitri.ledkov@canonical.com |
---|---|
State | New |
Headers | show |
Series | [NOBLE] UBUNTU: [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256 | expand |
On 10/28/23 7:47 PM, Dimitri John Ledkov wrote: > BugLink: https://bugs.launchpad.net/bugs/2041735 > > ppc64el already used sha256, sha256 is accelerated on most arches, and > is widely used. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- > debian.master/config/annotations | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/debian.master/config/annotations b/debian.master/config/annotations > index eadc277a74..4bc12c10c7 100644 > --- a/debian.master/config/annotations > +++ b/debian.master/config/annotations > @@ -261,8 +261,8 @@ CONFIG_IMA_APPRAISE note<'LP: #1643652'> > CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_IMA_ARCH_POLICY note<'LP: #1866909'> > > -CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 'riscv64': 'n', 's390x': 'n'}> > -CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #1643652'> > +CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > +CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #2041735'> > > CONFIG_IMA_KEXEC policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y'}> > CONFIG_IMA_KEXEC note<'LP: #1643652'> > @@ -6184,8 +6184,8 @@ CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': ' > CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_IMA_BLACKLIST_KEYRING policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > -CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha1"', 'arm64': '"sha1"', 'armhf': '"sha1"', 'ppc64el': '"sha256"', 'riscv64': '"sha1"', 's390x': '"sha1"'}> > -CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'n', 'riscv64': 'y', 's390x': 'y'}> > +CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha256"', 'arm64': '"sha256"', 'armhf': '"sha256"', 'ppc64el': '"sha256"', 'riscv64': '"sha256"', 's390x': '"sha256"'}> > +CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_DEFAULT_HASH_SHA512 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_DEFAULT_TEMPLATE policy<{'amd64': '"ima-ng"', 'arm64': '"ima-ng"', 'armhf': '"ima-ng"', 'ppc64el': '"ima-sig"', 'riscv64': '"ima-ng"', 's390x': '"ima-ng"'}> > CONFIG_IMA_DISABLE_HTABLE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 29/10/2023 02:47, Dimitri John Ledkov wrote: > BugLink: https://bugs.launchpad.net/bugs/2041735 > > ppc64el already used sha256, sha256 is accelerated on most arches, and > is widely used. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> > --- > debian.master/config/annotations | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/debian.master/config/annotations b/debian.master/config/annotations > index eadc277a74..4bc12c10c7 100644 > --- a/debian.master/config/annotations > +++ b/debian.master/config/annotations > @@ -261,8 +261,8 @@ CONFIG_IMA_APPRAISE note<'LP: #1643652'> > CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_IMA_ARCH_POLICY note<'LP: #1866909'> > > -CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 'riscv64': 'n', 's390x': 'n'}> > -CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #1643652'> > +CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > +CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #2041735'> > > CONFIG_IMA_KEXEC policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y'}> > CONFIG_IMA_KEXEC note<'LP: #1643652'> > @@ -6184,8 +6184,8 @@ CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': ' > CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> > CONFIG_IMA_BLACKLIST_KEYRING policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > -CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha1"', 'arm64': '"sha1"', 'armhf': '"sha1"', 'ppc64el': '"sha256"', 'riscv64': '"sha1"', 's390x': '"sha1"'}> > -CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'n', 'riscv64': 'y', 's390x': 'y'}> > +CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha256"', 'arm64': '"sha256"', 'armhf': '"sha256"', 'ppc64el': '"sha256"', 'riscv64': '"sha256"', 's390x': '"sha256"'}> > +CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_DEFAULT_HASH_SHA512 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> > CONFIG_IMA_DEFAULT_TEMPLATE policy<{'amd64': '"ima-ng"', 'arm64': '"ima-ng"', 'armhf': '"ima-ng"', 'ppc64el': '"ima-sig"', 'riscv64': '"ima-ng"', 's390x': '"ima-ng"'}> > CONFIG_IMA_DISABLE_HTABLE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On Sun, Oct 29, 2023 at 03:47:07AM +0200, Dimitri John Ledkov wrote: > BugLink: https://bugs.launchpad.net/bugs/2041735 > > ppc64el already used sha256, sha256 is accelerated on most arches, and > is widely used. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index eadc277a74..4bc12c10c7 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -261,8 +261,8 @@ CONFIG_IMA_APPRAISE note<'LP: #1643652'> CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> CONFIG_IMA_ARCH_POLICY note<'LP: #1866909'> -CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 'riscv64': 'n', 's390x': 'n'}> -CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #1643652'> +CONFIG_IMA_DEFAULT_HASH_SHA256 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> +CONFIG_IMA_DEFAULT_HASH_SHA256 note<'LP: #2041735'> CONFIG_IMA_KEXEC policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y'}> CONFIG_IMA_KEXEC note<'LP: #1643652'> @@ -6184,8 +6184,8 @@ CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': ' CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> CONFIG_IMA_BLACKLIST_KEYRING policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> -CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha1"', 'arm64': '"sha1"', 'armhf': '"sha1"', 'ppc64el': '"sha256"', 'riscv64': '"sha1"', 's390x': '"sha1"'}> -CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'n', 'riscv64': 'y', 's390x': 'y'}> +CONFIG_IMA_DEFAULT_HASH policy<{'amd64': '"sha256"', 'arm64': '"sha256"', 'armhf': '"sha256"', 'ppc64el': '"sha256"', 'riscv64': '"sha256"', 's390x': '"sha256"'}> +CONFIG_IMA_DEFAULT_HASH_SHA1 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_IMA_DEFAULT_HASH_SHA512 policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_IMA_DEFAULT_TEMPLATE policy<{'amd64': '"ima-ng"', 'arm64': '"ima-ng"', 'armhf': '"ima-ng"', 'ppc64el': '"ima-sig"', 'riscv64': '"ima-ng"', 's390x': '"ima-ng"'}> CONFIG_IMA_DISABLE_HTABLE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
BugLink: https://bugs.launchpad.net/bugs/2041735 ppc64el already used sha256, sha256 is accelerated on most arches, and is widely used. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian.master/config/annotations | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)