APPLIED[U]: [B, F, I][PATCH 0/2] LP:#1945989 - Check for changes relevant for security certifications

Andrea Righi andrea.righi at canonical.com
Tue Oct 26 11:08:04 UTC 2021


On Mon, Oct 04, 2021 at 10:35:45AM -0300, Marcelo Henrique Cerri wrote:
> BugLink: https://bugs.launchpad.net/bugs/1945989
> 
> Targetting Bionic and Focal because we only need that in LTS versions
> later than B. Targetting Impish too for future LTSes.
> 
> [Impact]
> 
> When producing a new version of some kernels, we need to check for
> changes that might affect FIPS or other certs and justify why a commit
> was kept or removed.
> 
> To simplify this process we can add an automated check that will abort
> the kernel preparation and build when such changes exist without a
> justification.
> 
> [Test Plan]
> 
> Check if the kernel preparation fails (cranky close) when one of a
> security certification changes is added.
> 
> [Where problems could occur]
> 
> No kernels should be affected until we enable this check on each
> one. Even when enabled, that only affects the kernel preparation and
> not the resulting kernel.

Applied also to unstable/5.15 for future LTSes.

-Andrea



More information about the kernel-team mailing list