[SRU][OEM-5.17][PATCH 1/1] UBUNTU: [Config] enable configs for fixing 5.17 kernel won't load mok
Tim Gardner
tim.gardner at canonical.com
Tue May 10 11:35:06 UTC 2022
I think you should add an annotation policy so that the reason for
making this config change is easily noted.
rtg
On 5/10/22 03:36, Ivan Hu wrote:
> BugLink: https://bugs.launchpad.net/bugs/1972802
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
> debian.oem/config/config.common.ubuntu | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/debian.oem/config/config.common.ubuntu b/debian.oem/config/config.common.ubuntu
> index 9aa1af667614..8b81babd105d 100644
> --- a/debian.oem/config/config.common.ubuntu
> +++ b/debian.oem/config/config.common.ubuntu
> @@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y
> CONFIG_IMA_APPRAISE_BOOTPARAM=y
> # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
> CONFIG_IMA_APPRAISE_MODSIG=y
> -# CONFIG_IMA_ARCH_POLICY is not set
> +CONFIG_IMA_ARCH_POLICY=y
> # CONFIG_IMA_BLACKLIST_KEYRING is not set
> CONFIG_IMA_DEFAULT_HASH="sha1"
> CONFIG_IMA_DEFAULT_HASH_SHA1=y
> @@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10
> CONFIG_IMA_NG_TEMPLATE=y
> CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
> # CONFIG_IMA_READ_POLICY is not set
> -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
> +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
> # CONFIG_IMA_SIG_TEMPLATE is not set
> # CONFIG_IMA_TEMPLATE is not set
> CONFIG_IMA_TRUSTED_KEYRING=y
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list