[PATCH v2 1/1][SRU][OEM-5.17] UBUNTU: [Config] enable configs for fixing kernel won't load mok

[You-Sheng Yang]

From: Ivan Hu <ivan.hu at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1972802

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 debian.oem/config/annotations          | 4 ++--
 debian.oem/config/config.common.ubuntu | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian.oem/config/annotations b/debian.oem/config/annotations
index 77c7f4a6ac87..c5cb0c49da2e 100644
--- a/debian.oem/config/annotations
+++ b/debian.oem/config/annotations
@@ -13964,7 +13964,7 @@ CONFIG_IMA_READ_POLICY                          mark<ENFORCED> note<LP:1667490>
 # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements
 CONFIG_IMA_APPRAISE                             policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_APPRAISE_SIGNED_INIT                 policy<{'amd64': '-', 'arm64': '-', 'armhf': '-', 'ppc64el': 'n', 's390x': '-'}>
-CONFIG_IMA_ARCH_POLICY                          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
+CONFIG_IMA_ARCH_POLICY                          policy<{'amd64': 'y', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
 CONFIG_IMA_APPRAISE_BOOTPARAM                   policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_APPRAISE_MODSIG                      policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_TRUSTED_KEYRING                      policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
@@ -13978,7 +13978,7 @@ CONFIG_IMA_BLACKLIST_KEYRING                    mark<ENFORCED> note<LP:1667490>
 CONFIG_IMA_LOAD_X509                            mark<ENFORCED> note<LP:1643652>
 CONFIG_IMA_X509_PATH                            mark<ENFORCED> note<LP:1643652>
 CONFIG_IMA_APPRAISE_SIGNED_INIT                 mark<ENFORCED> note<LP:1667490>
-CONFIG_IMA_ARCH_POLICY                          mark<ENFORCED> note<LP:1866909>
+CONFIG_IMA_ARCH_POLICY                          mark<ENFORCED> note<LP:1866909> note<LP:1972802>
 
 # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements >> IMA build time configured policy rules
 CONFIG_IMA_APPRAISE_BUILD_POLICY                policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
diff --git a/debian.oem/config/config.common.ubuntu b/debian.oem/config/config.common.ubuntu
index 9aa1af667614..8b81babd105d 100644
--- a/debian.oem/config/config.common.ubuntu
+++ b/debian.oem/config/config.common.ubuntu
@@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_MODSIG=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 # CONFIG_IMA_BLACKLIST_KEYRING is not set
 CONFIG_IMA_DEFAULT_HASH="sha1"
 CONFIG_IMA_DEFAULT_HASH_SHA1=y
@@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10
 CONFIG_IMA_NG_TEMPLATE=y
 CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
 # CONFIG_IMA_READ_POLICY is not set
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_SIG_TEMPLATE is not set
 # CONFIG_IMA_TEMPLATE is not set
 CONFIG_IMA_TRUSTED_KEYRING=y
-- 
2.34.1