Date: Saturday, April 17, 2021 @ 00:56:34 Author: heftig Revision: 412730
Revert "Enable LOAD_UEFI_KEYS" It didn't help secure dkms modules like we thought it would. Modified: linux/trunk/PKGBUILD linux/trunk/config ----------+ PKGBUILD | 2 +- config | 12 +----------- 2 files changed, 2 insertions(+), 12 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-04-17 00:49:27 UTC (rev 412729) +++ PKGBUILD 2021-04-17 00:56:34 UTC (rev 412730) @@ -25,7 +25,7 @@ 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig) ) sha256sums=('SKIP' - '2e3b1f1b6ceb958a3e4b2a4740c77953287a2cdb156234af8c9bf9ddad9268e3') + 'eb0994b0a8f270b39ac660d274fe19bf1bc120cac88fe12d3f07497df1662918') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase Modified: config =================================================================== --- config 2021-04-17 00:49:27 UTC (rev 412729) +++ config 2021-04-17 00:56:34 UTC (rev 412730) @@ -9628,17 +9628,8 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set -CONFIG_INTEGRITY=y -CONFIG_INTEGRITY_SIGNATURE=y -CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y -CONFIG_INTEGRITY_TRUSTED_KEYRING=y -CONFIG_INTEGRITY_PLATFORM_KEYRING=y -CONFIG_LOAD_UEFI_KEYS=y -CONFIG_INTEGRITY_AUDIT=y -# CONFIG_IMA is not set -# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set +# CONFIG_INTEGRITY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set -# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set @@ -10043,7 +10034,6 @@ CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y -CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y