From 2e6624f2b9772f5da77e85075ecc8581c2480995 Mon Sep 17 00:00:00 2001
From: Javinator9889 <dev@javinator9889.com>
Date: Mon, 4 Jan 2021 13:45:33 +0100
Subject: [PATCH] config: do not allow disabling lockdown and use SHA256 when
 checking keys and integrity

---
 arch/x86/configs/thdkernel-latest_defconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/configs/thdkernel-latest_defconfig b/arch/x86/configs/thdkernel-latest_defconfig
index 3e8c454bab64..40f832a19257 100644
--- a/arch/x86/configs/thdkernel-latest_defconfig
+++ b/arch/x86/configs/thdkernel-latest_defconfig
@@ -1982,6 +1982,7 @@ CONFIG_INTEGRITY_SIGNATURE=y
 CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
 CONFIG_INTEGRITY_PLATFORM_KEYRING=y
 CONFIG_IMA=y
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
 CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_MODSIG=y
 CONFIG_EVM=y