| Message ID | 20220510093619.17147-2-ivan.hu@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | enable Mok key support for v5.17 | expand |
I think you should add an annotation policy so that the reason for making this config change is easily noted. rtg On 5/10/22 03:36, Ivan Hu wrote: > BugLink: https://bugs.launchpad.net/bugs/1972802 > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > debian.oem/config/config.common.ubuntu | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/debian.oem/config/config.common.ubuntu b/debian.oem/config/config.common.ubuntu > index 9aa1af667614..8b81babd105d 100644 > --- a/debian.oem/config/config.common.ubuntu > +++ b/debian.oem/config/config.common.ubuntu > @@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y > CONFIG_IMA_APPRAISE_BOOTPARAM=y > # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set > CONFIG_IMA_APPRAISE_MODSIG=y > -# CONFIG_IMA_ARCH_POLICY is not set > +CONFIG_IMA_ARCH_POLICY=y > # CONFIG_IMA_BLACKLIST_KEYRING is not set > CONFIG_IMA_DEFAULT_HASH="sha1" > CONFIG_IMA_DEFAULT_HASH_SHA1=y > @@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10 > CONFIG_IMA_NG_TEMPLATE=y > CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y > # CONFIG_IMA_READ_POLICY is not set > -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set > +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y > # CONFIG_IMA_SIG_TEMPLATE is not set > # CONFIG_IMA_TEMPLATE is not set > CONFIG_IMA_TRUSTED_KEYRING=y
diff --git a/debian.oem/config/config.common.ubuntu b/debian.oem/config/config.common.ubuntu index 9aa1af667614..8b81babd105d 100644 --- a/debian.oem/config/config.common.ubuntu +++ b/debian.oem/config/config.common.ubuntu @@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_DEFAULT_HASH="sha1" CONFIG_IMA_DEFAULT_HASH_SHA1=y @@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y # CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y
BugLink: https://bugs.launchpad.net/bugs/1972802 Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- debian.oem/config/config.common.ubuntu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)