ACK/cmnt: [SRU][I/riscv][PATCH] UBUNTU: [Config] enable built-in revocation certificates
Kleber Souza
kleber.souza at canonical.com
Tue Sep 21 07:47:18 UTC 2021
On 20.09.21 22:43, Dimitri John Ledkov wrote:
> Enable built-in revocation certificates to pass required boot test.
>
> Despite do_enforce_all = true, configs of the master kernel are not
> being enforced on the riscv flavour. Maybe this is because the master
> kernel doesn't have full riscv64 support and configs at all.
>
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
We are missing a BugLink but I guess for the devel kernels this is not
enforced so it should be fine.
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Thanks
> ---
> debian.riscv/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.riscv/config/config.common.ubuntu b/debian.riscv/config/config.common.ubuntu
> index 677cf5ffa0..9ce169901c 100644
> --- a/debian.riscv/config/config.common.ubuntu
> +++ b/debian.riscv/config/config.common.ubuntu
> @@ -6961,7 +6961,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
> CONFIG_SYSTEM_DATA_VERIFICATION=y
> CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
> CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
> -CONFIG_SYSTEM_REVOCATION_KEYS=""
> +CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
> CONFIG_SYSTEM_REVOCATION_LIST=y
> CONFIG_SYSTEM_TRUSTED_KEYRING=y
> CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
>
More information about the kernel-team
mailing list