[SRU][I/riscv][PATCH] UBUNTU: [Config] enable built-in revocation certificates
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Mon Sep 20 20:43:55 UTC 2021
Enable built-in revocation certificates to pass required boot test.
Despite do_enforce_all = true, configs of the master kernel are not
being enforced on the riscv flavour. Maybe this is because the master
kernel doesn't have full riscv64 support and configs at all.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
debian.riscv/config/config.common.ubuntu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian.riscv/config/config.common.ubuntu b/debian.riscv/config/config.common.ubuntu
index 677cf5ffa0..9ce169901c 100644
--- a/debian.riscv/config/config.common.ubuntu
+++ b/debian.riscv/config/config.common.ubuntu
@@ -6961,7 +6961,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_DATA_VERIFICATION=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
-CONFIG_SYSTEM_REVOCATION_KEYS=""
+CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
--
2.30.2
More information about the kernel-team
mailing list