[SRU][OEM-5.17][PATCH 0/1] enable Mok key support for v5.17
Ivan Hu
ivan.hu at canonical.com
Tue May 10 09:36:18 UTC 2022
BugLink: https://bugs.launchpad.net/bugs/1972802
[Impact]
Mok keys is not trusted after kernel 5.17
[Fix]
Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY for
fixing the patch "[patch] integrity: Do not load MOK and MOKx when secure boot
be disabled" was added to check if secureboot enabled for trusting the MOK key.
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on
and load the kernel module by either modprobe or insmod.
[Where problems could occur]
Low. only affect the checking secureboot enable function.
Ivan Hu (1):
UBUNTU: [Config] enable configs for fixing 5.17 kernel won't load mok
debian.oem/config/config.common.ubuntu | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list