[PATCH v2 0/1][SRU][OEM-5.17/U] enable Mok key support

You-Sheng Yang vicamo.yang at canonical.com
Tue May 10 16:28:21 UTC 2022


From: "You-Sheng Yang (vicamo)" <vicamo.yang at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1972802

[Impact]
MOK keys are not trusted after kernel 5.17

[Fix]
Enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY as the
fix: the patch "[patch] integrity: Do not load MOK and MOKx when secure boot
be disabled" was added to check if secure boot is enabled for trusting the MOK key.

[Test]
Enroll a MOK key and use it to sign kernel modules, make sure secure boot is on,
and load the kernel module with either modprobe or insmod.

[Where problems could occur]
Low. This only affects the function that checks whether secure boot is enabled.

Ivan Hu (1):
  UBUNTU: [Config] enable configs for fixing kernel won't load mok

 debian.oem/config/annotations          | 4 ++--
 debian.oem/config/config.common.ubuntu | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

-- 
2.34.1
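
A pre-flight check for the [Test] step, added here as an example and not part of the original post or the Ubuntu kernel tree: it confirms that a kernel config has both options set to y and that the firmware reports secure boot on. The function names and the config and efivarfs paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: verify the two preconditions for MOK keys to be trusted.
# Paths are arguments so the check can run against copies or constructed files.

EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c  # EFI global variable GUID

# config_enabled FILE OPTION -> 0 if the line "OPTION=y" is present in FILE
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# secure_boot_on EFIVAR_FILE -> 0 if the SecureBoot variable's data byte is 1.
# efivarfs files hold 4 attribute bytes followed by the variable data.
secure_boot_on() {
    [ -r "$1" ] || return 1
    val=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')
    [ "$val" = "1" ]
}

# mok_trust_ready CONFIG_FILE EFIVAR_FILE
# Prints one line per failed precondition; returns 0 only if all of them hold.
mok_trust_ready() {
    rc=0
    for opt in CONFIG_IMA_ARCH_POLICY CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT; do
        if ! config_enabled "$1" "$opt"; then
            echo "missing: $opt is not set to y in $1"
            rc=1
        fi
    done
    if ! secure_boot_on "$2"; then
        echo "missing: secure boot is not reported as enabled by $2"
        rc=1
    fi
    return $rc
}

# Live-system usage (assumed default locations):
#   mok_trust_ready "/boot/config-$(uname -r)" \
#       "/sys/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
```

If all three checks pass and a MOK-signed module is still rejected, the enrolled key itself (rather than the kernel configuration) is the next thing to inspect.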



