Message ID | 20220510093619.17147-1-ivan.hu@canonical.com |
---|---|
Headers | show |
Series | enable Mok key support for v5.17 | expand |
Resubmitted V2 for both oem-5.17 and unstable with annotations addressed. On Tue, May 10, 2022 at 5:36 PM Ivan Hu <ivan.hu@canonical.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/1972802 > > [Impact] > Mok keys is not trusted after kernel 5.17 > > [Fix] > Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY for > fixing the patch "[patch] integrity: Do not load MOK and MOKx when secure boot > be disabled" was added to check if secureboot enabled for trusting the MOK key. > > [Test] > Enroll Mok key and use it to sign kernel modules, make sure secure boot is on > and load the kernel module by either modprobe or insmod. > > [Where problems could occur] > Low. only affect the checking secureboot enable function. > > Ivan Hu (1): > UBUNTU: [Config] enable configs for fixing 5.17 kernel won't load mok > > debian.oem/config/config.common.ubuntu | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team