Just noticed that the F12 kernel has CONFIG_IMA turned off:

# CONFIG_IMA is not set

I'd like to see:

CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y

This should ONLY be enabled for 2.6.31 kernels, as before my patches in
2.6.31 there were a couple of normal-user-triggerable security issues
with IMA.

Without configuration on the boot line or configuration after boot of
the IMA infrastructure there is no impact to building this piece of code
outside of the fact that it builds CONFIG_TCG_TPM and CONFIG_TCG_TIS in
and will not allow them to be built as modules.

This may cause some consternation for users of the latest Lenovo
ThinkPads who have to patch those modules to get them to work (TPM on
latest Lenovo notebooks only supports ACPI not PNP for device
discovery), but seeing as how no one really uses the TPM anyway and
hopefully it'll be fixed upstream this week I don't see that as a large
problem....

-Eric

_______________________________________________
Fedora-kernel-list mailing list
Fedora-kernel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-kernel-list
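
Added example, not part of the original message: a shell check of a kernel config file against the four IMA options requested above, plus CONFIG_TCG_TPM and CONFIG_TCG_TIS, which the message says end up built in rather than modular. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# config_value FILE KEY
# Prints the value of KEY in a kernel config file: the text after "KEY=",
# "n" for "# KEY is not set", or "absent" if the symbol never appears.
config_value() {
    awk -v k="$2" '
        $0 == "# " k " is not set" { v = "n" }
        index($0, k "=") == 1      { v = substr($0, length(k) + 2) }
        END { print (v == "" ? "absent" : v) }
    ' "$1"
}

# check_ima_config FILE
# Compares FILE with the settings requested in the message and with the
# built-in (=y, not =m) TPM drivers that enabling IMA implies.
# Returns 0 only if every symbol matches.
check_ima_config() {
    rc=0
    for want in CONFIG_IMA=y CONFIG_IMA_MEASURE_PCR_IDX=10 \
                CONFIG_IMA_AUDIT=y CONFIG_IMA_LSM_RULES=y \
                CONFIG_TCG_TPM=y CONFIG_TCG_TIS=y; do
        key=${want%%=*}
        got=$(config_value "$1" "$key")
        if [ "$got" = "${want#*=}" ]; then
            echo "ok       $key=$got"
        else
            echo "MISMATCH $key: have '$got', want '${want#*=}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: CONFIG_IMA off as reported in the message, with the
# TPM drivers as modules (an assumption made for this illustration).
sample=$(mktemp)
printf '%s\n' '# CONFIG_IMA is not set' \
              'CONFIG_TCG_TPM=m' 'CONFIG_TCG_TIS=m' > "$sample"
check_ima_config "$sample" || echo "config does not match the requested IMA settings"
rm -f "$sample"
```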
