APPLIED[M]: [MANTIC][PATCH] UBUNTU: [Config] Default module signing algo should be accelerated

Andrea Righi andrea.righi at canonical.com
Sat Sep 9 15:00:13 UTC 2023 

On Mon, Sep 04, 2023 at 05:02:54PM +0100, Dimitri John Ledkov wrote:
> Default module signing algo should be accelerated. This is to ensure
> the most optimal boot speed of lockedown systems that enforce kernel
> module signature verification. Usually the accelerated version of
> sha512 is loaded, but possibly much later during the boot.
> 
> BugLink: https://bugs.launchpad.net/bugs/2034061
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---

Applied to mantic/linux.

Thanks!
-Andrea

>  debian.master/config/annotations | 20 +++++++++++++++-----
>  1 file changed, 15 insertions(+), 5 deletions(-)
> 
> diff --git a/debian.master/config/annotations b/debian.master/config/annotations
> index 60be644b2e..ef9dc2ba82 100644
> --- a/debian.master/config/annotations
> +++ b/debian.master/config/annotations
> @@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP                               note<'LP: #1363180'>
>  CONFIG_CRYPTO_SHA512                            policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>  CONFIG_CRYPTO_SHA512                            note<'module signing'>
>  
> +CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM                        note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM64                      note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'y'}>
> +CONFIG_CRYPTO_SHA512_ARM64_CE                   note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'y'}>
> +CONFIG_CRYPTO_SHA512_S390                       note<'LP: #2034061'>
> +
> +CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'y'}>
> +CONFIG_CRYPTO_SHA512_SSSE3                      note<'LP: #2034061'>
> +
>  CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
>  CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          note<'Obsolete w/ no known userspace dependencies'>
>  
> @@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3                              policy<{'amd64': 'y', 'arm64': '
>  CONFIG_CRYPTO_SHA3_256_S390                     policy<{'s390x': 'm'}>
>  CONFIG_CRYPTO_SHA3_512_S390                     policy<{'s390x': 'm'}>
>  CONFIG_CRYPTO_SHA3_ARM64                        policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'm'}>
> -CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'm'}>
> -CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'm'}>
>  CONFIG_CRYPTO_SIG2                              policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
>  CONFIG_CRYPTO_SIMD                              policy<{'amd64': 'm', 'armhf': 'm'}>
>  CONFIG_CRYPTO_SKCIPHER                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list