@@ -13964,7 +13964,7 @@ CONFIG_IMA_READ_POLICY mark<ENFORCED> note<LP:1667490>
# Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements
CONFIG_IMA_APPRAISE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_IMA_APPRAISE_SIGNED_INIT policy<{'amd64': '-', 'arm64': '-', 'armhf': '-', 'ppc64el': 'n', 's390x': '-'}>
-CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
+CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_IMA_TRUSTED_KEYRING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
@@ -13978,7 +13978,7 @@ CONFIG_IMA_BLACKLIST_KEYRING mark<ENFORCED> note<LP:1667490>
CONFIG_IMA_LOAD_X509 mark<ENFORCED> note<LP:1643652>
CONFIG_IMA_X509_PATH mark<ENFORCED> note<LP:1643652>
CONFIG_IMA_APPRAISE_SIGNED_INIT mark<ENFORCED> note<LP:1667490>
-CONFIG_IMA_ARCH_POLICY mark<ENFORCED> note<LP:1866909>
+CONFIG_IMA_ARCH_POLICY mark<ENFORCED> note<LP:1866909> note<LP:1972802>
# Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements >> IMA build time configured policy rules
CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
@@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
CONFIG_IMA_APPRAISE_MODSIG=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_DEFAULT_HASH="sha1"
CONFIG_IMA_DEFAULT_HASH_SHA1=y
@@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_NG_TEMPLATE=y
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
# CONFIG_IMA_READ_POLICY is not set
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
# CONFIG_IMA_SIG_TEMPLATE is not set
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_TRUSTED_KEYRING=y