From patchwork Tue May 10 16:28:23 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: You-Sheng Yang
X-Patchwork-Id: 1629277
From: You-Sheng Yang
To: kernel-team@lists.ubuntu.com
Subject: [PATCH v2 1/1][SRU][OEM-5.17] UBUNTU: [Config] enable configs for fixing kernel won't load mok
Date: Wed, 11 May 2022 00:28:23 +0800
Message-Id: <20220510162823.2124487-3-vicamo.yang@canonical.com>
In-Reply-To: <20220510162823.2124487-1-vicamo.yang@canonical.com>
References: <20220510162823.2124487-1-vicamo.yang@canonical.com>

From: Ivan Hu

BugLink: https://bugs.launchpad.net/bugs/1972802

Signed-off-by: Ivan Hu
---
 debian.oem/config/annotations          | 4 ++--
 debian.oem/config/config.common.ubuntu | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian.oem/config/annotations b/debian.oem/config/annotations index 77c7f4a6ac87..c5cb0c49da2e 100644 --- a/debian.oem/config/annotations +++ b/debian.oem/config/annotations
@@ -13964,7 +13964,7 @@ CONFIG_IMA_READ_POLICY mark note # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements CONFIG_IMA_APPRAISE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_IMA_APPRAISE_SIGNED_INIT policy<{'amd64': '-', 'arm64': '-', 'armhf': '-', 'ppc64el': 'n', 's390x': '-'}> -CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}> +CONFIG_IMA_ARCH_POLICY policy<{'amd64': 'y', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}> CONFIG_IMA_APPRAISE_BOOTPARAM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_IMA_APPRAISE_MODSIG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_IMA_TRUSTED_KEYRING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> @@ -13978,7 +13978,7 @@ CONFIG_IMA_BLACKLIST_KEYRING mark note CONFIG_IMA_LOAD_X509 mark note CONFIG_IMA_X509_PATH mark note CONFIG_IMA_APPRAISE_SIGNED_INIT mark note -CONFIG_IMA_ARCH_POLICY mark note +CONFIG_IMA_ARCH_POLICY mark note note # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements >> IMA build time configured policy rules CONFIG_IMA_APPRAISE_BUILD_POLICY policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}> diff --git a/debian.oem/config/config.common.ubuntu b/debian.oem/config/config.common.ubuntu index 9aa1af667614..8b81babd105d 100644 --- a/debian.oem/config/config.common.ubuntu +++ b/debian.oem/config/config.common.ubuntu 
@@ -3382,7 +3382,7 @@ CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set CONFIG_IMA_APPRAISE_MODSIG=y -# CONFIG_IMA_ARCH_POLICY is not set +CONFIG_IMA_ARCH_POLICY=y # CONFIG_IMA_BLACKLIST_KEYRING is not set CONFIG_IMA_DEFAULT_HASH="sha1" CONFIG_IMA_DEFAULT_HASH_SHA1=y @@ -3398,7 +3398,7 @@ CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y # CONFIG_IMA_READ_POLICY is not set -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y # CONFIG_IMA_SIG_TEMPLATE is not set # CONFIG_IMA_TEMPLATE is not set CONFIG_IMA_TRUSTED_KEYRING=y
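
Review bot: The rationale for flipping amd64 to 'y' in the CONFIG_IMA_ARCH_POLICY policy line (debian.oem/config/annotations, @@ -13964) is missing: the commit message body carries only the BugLink and a Signed-off-by, and the subject's "kernel won't load mok" does not say how the IMA arch policy relates to MOK loading. Please add a short description of the failure and why this option fixes it, and state what changes at runtime on Secure Boot systems once the arch policy is built in, since the context keeps CONFIG_IMA_APPRAISE, CONFIG_IMA_APPRAISE_BOOTPARAM and CONFIG_IMA_APPRAISE_MODSIG at 'y'. The patch is submitted by You-Sheng Yang but signed off only by Ivan Hu; the submitter's Signed-off-by should follow the author's.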
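
Review bot: In debian.oem/config/annotations @@ -13978 the changed line becomes "CONFIG_IMA_ARCH_POLICY mark note note", so a second note is stacked on the existing one instead of replacing it. If the earlier note justified the previous 'n' setting, it now contradicts the amd64 'y' policy set in the first hunk; replace it, or make each note say which state it documents.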
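
Review bot: "CONFIG_IMA_ARCH_POLICY=y" in debian.oem/config/config.common.ubuntu (@@ -3382) is set in the common file, while the annotations policy in this same patch enables it for amd64 only and keeps arm64, armhf and s390x at 'n'. Either move the setting to an architecture-specific config file or say in the commit message that this flavour builds amd64 only, so the common config and the enforced policy cannot disagree. The old state already disagreed for ppc64el (policy 'y', config "is not set"), which is worth confirming as intentional.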
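
Review bot: "CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y" (debian.oem/config/config.common.ubuntu, @@ -3398) has no matching change in debian.oem/config/annotations; both annotations hunks touch only CONFIG_IMA_ARCH_POLICY. Add a policy entry with a note for this symbol, or, if it is a derived option that follows CONFIG_IMA_ARCH_POLICY, say so in the commit message so the missing annotation is clearly deliberate.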