From f1ac8a45535d2ae2c81137cd5700613d05d3dbf1 Mon Sep 17 00:00:00 2001
From: Jia Zhang <zhang.jia@linux.alibaba.com>
Date: Mon, 19 Mar 2018 21:24:35 -0400
Subject: ima/linux-yocto: Enable CONFIG_IMA_READ_POLICY and
 CONFIG_IMA_APPRAISE_BOOTPARAM

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
---
 meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
index 52c741f..9cd609b 100644
--- a/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
+++ b/meta-integrity/recipes-kernel/linux/linux-yocto/ima.cfg
@@ -2,7 +2,7 @@ CONFIG_IMA=y
 # CONFIG_IMA_KEXEC is not set
 # CONFIG_IMA_LSM_RULES is not set
 CONFIG_IMA_WRITE_POLICY=y
-# CONFIG_IMA_READ_POLICY is not set
+CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
 # CONFIG_IMA_TEMPLATE is not set
 # CONFIG_IMA_NG_TEMPLATE=y is not set
@@ -15,6 +15,7 @@ CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_DEFAULT_HASH="sha256"
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_LOAD_X509=y
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_TRUSTED_KEYRING=y
 CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_IMA_BLACKLIST_KEYRING=y
-- 
cgit v1.2.3-54-g00ecf