From bece5174f0345d923959a8b437ec9d46acd1edd4 Mon Sep 17 00:00:00 2001
From: CBL-Mariner Servicing Account
Date: Thu, 30 Jan 2025 20:21:09 +0000
Subject: [PATCH] Apply config changes to AMD64
---
 SPECS-EXTENDED/kernel-rt/config | 18 +++++++-----------
 .../kernel-rt/kernel-rt.signatures.json | 2 +-
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/SPECS-EXTENDED/kernel-rt/config b/SPECS-EXTENDED/kernel-rt/config
index 019d287ebbd..ad172f9eb79 100644
--- a/SPECS-EXTENDED/kernel-rt/config
+++ b/SPECS-EXTENDED/kernel-rt/config
@@ -512,7 +512,6 @@ CONFIG_PHYSICAL_ALIGN=0x1000000
 CONFIG_DYNAMIC_MEMORY_LAYOUT=y
 CONFIG_RANDOMIZE_MEMORY=y
 CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
-# CONFIG_ADDRESS_MASKING is not set
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_COMPAT_VDSO is not set
 # CONFIG_LEGACY_VSYSCALL_XONLY is not set
@@ -1067,6 +1066,7 @@ CONFIG_MIGRATION=y
 CONFIG_DEVICE_MIGRATION=y
 CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
 CONFIG_CONTIG_ALLOC=y
+CONFIG_PCP_BATCH_SCALE_MAX=5
 CONFIG_PHYS_ADDR_T_64BIT=y
 CONFIG_MMU_NOTIFIER=y
 CONFIG_KSM=y
@@ -2452,16 +2452,6 @@ CONFIG_DM_VERITY_FEC=y
 # CONFIG_DM_LOG_WRITES is not set
 # CONFIG_DM_INTEGRITY is not set
 # CONFIG_DM_AUDIT is not set
-CONFIG_DM_IMA_MEASURE_CACHE=y
-CONFIG_DM_IMA_MEASURE_CRYPT=y
-CONFIG_DM_IMA_MEASURE_INTEGRITY=y
-CONFIG_DM_IMA_MEASURE_LINEAR=y
-CONFIG_DM_IMA_MEASURE_MIRROR=y
-CONFIG_DM_IMA_MEASURE_MULTIPATH=y
-CONFIG_DM_IMA_MEASURE_RAID=y
-CONFIG_DM_IMA_MEASURE_SNAPSHOT=y
-CONFIG_DM_IMA_MEASURE_STRIPED=y
-CONFIG_DM_IMA_MEASURE_VERITY=y
 # CONFIG_TARGET_CORE is not set
 CONFIG_FUSION=y
 CONFIG_FUSION_SPI=y
@@ -4579,6 +4569,7 @@ CONFIG_DVB_SP2=m
 # Graphics support
 #
 CONFIG_APERTURE_HELPERS=y
+CONFIG_SCREEN_INFO=y
 CONFIG_VIDEO_CMDLINE=y
 CONFIG_VIDEO_NOMODESET=y
 # CONFIG_AUXDISPLAY is not set
@@ -5361,6 +5352,7 @@ CONFIG_HID_HYPERV_MOUSE=m
 # CONFIG_HID_ZYDACRON is not set
 # CONFIG_HID_SENSOR_HUB is not set
 # CONFIG_HID_ALPS is not set
+# CONFIG_HID_MCP2200 is not set
 # CONFIG_HID_MCP2221 is not set
 # end of Special HID drivers
 
@@ -7112,6 +7104,9 @@ CONFIG_ENCRYPTED_KEYS=m
 # CONFIG_USER_DECRYPTED_DATA is not set
 # CONFIG_KEY_DH_OPERATIONS is not set
 CONFIG_SECURITY_DMESG_RESTRICT=y
+CONFIG_PROC_MEM_ALWAYS_FORCE=y
+# CONFIG_PROC_MEM_FORCE_PTRACE is not set
+# CONFIG_PROC_MEM_NO_FORCE is not set
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
@@ -7147,6 +7142,7 @@ CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
 # CONFIG_SECURITY_LANDLOCK is not set
 # CONFIG_SECURITY_IPE is not set
 CONFIG_INTEGRITY=y
diff --git a/SPECS-EXTENDED/kernel-rt/kernel-rt.signatures.json b/SPECS-EXTENDED/kernel-rt/kernel-rt.signatures.json
index 78a4b9816cc..b8efd1d25f2 100644
--- a/SPECS-EXTENDED/kernel-rt/kernel-rt.signatures.json
+++ b/SPECS-EXTENDED/kernel-rt/kernel-rt.signatures.json
@@ -1,7 +1,7 @@
 {
 "Signatures": {
 "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
- "config": "43963dcd73f4136fd19d7a8a9a7f51d73868744127a7871e96f57e9e3bd9152c",
+ "config": "bbbfc3923a256d98c620769a74d1aa15e7f5a411ede10e94fe0ef30c8b469536",
 "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
 "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
 "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
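Review bot: `CONFIG_PROC_MEM_ALWAYS_FORCE=y` in the `@@ -7112,6 +7104,9 @@` hunk selects the most permissive of the three new choices, so writes through /proc/<pid>/mem keep overriding page protections for any caller with ptrace access rights rather than only for an attached debugger. This looks like the Kconfig default being accepted as-is rather than a deliberate decision. For a distribution kernel the tighter setting would be `# CONFIG_PROC_MEM_ALWAYS_FORCE is not set` with `CONFIG_PROC_MEM_FORCE_PTRACE=y`, which still lets debuggers attached through ptrace patch memory. If the legacy behaviour is needed for compatibility, say so in the commit description; it can also be tightened per boot with `proc_mem.force_override=ptrace`.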
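Review bot: `# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set` in the `@@ -7147,6 +7142,7 @@` hunk, next to the context line `CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y`, leaves kernel lockdown off by default even when the machine boots with UEFI Secure Boot; going by the option's name, enabling it is what would tie lockdown to the Secure Boot state. Without lockdown, a privileged process keeps access to interfaces that can alter the running kernel, so the boot-time signature chain no longer bounds what runs in kernel mode. If kernel-rt is meant to be deployed under Secure Boot, consider `CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y`, or document that lockdown is expected to be requested with `lockdown=integrity` on the command line. If it is left off on purpose, a sentence in the commit description giving the reason would make that reviewable.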