[PATCH v2 1/1][SRU][U] UBUNTU: [Config] enable configs for fixing kernel won't load mok

You-Sheng Yang vicamo.yang at canonical.com
Tue May 10 16:28:22 UTC 2022 

From: Ivan Hu <ivan.hu at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1972802

Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
---
 debian.master/config/amd64/config.common.amd64 | 4 ++--
 debian.master/config/annotations               | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian.master/config/amd64/config.common.amd64 b/debian.master/config/amd64/config.common.amd64
index 2849a90a3f5b..743090a179e2 100644
--- a/debian.master/config/amd64/config.common.amd64
+++ b/debian.master/config/amd64/config.common.amd64
@@ -249,7 +249,7 @@ CONFIG_ICS932S401=m
 CONFIG_IEEE802154=m
 CONFIG_IIO=m
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 CONFIG_IMA_DEFAULT_HASH="sha1"
 CONFIG_IMA_DEFAULT_HASH_SHA1=y
 # CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
@@ -257,7 +257,7 @@ CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
 # CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_NG_TEMPLATE=y
 # CONFIG_IMA_READ_POLICY is not set
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_SIG_TEMPLATE is not set
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INPUT_EVBUG=m
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index f7f541569b4b..0754921f4cae 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -13927,7 +13927,7 @@ CONFIG_IMA_READ_POLICY                          mark<ENFORCED> note<LP:1667490>
 # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements
 CONFIG_IMA_APPRAISE                             policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_APPRAISE_SIGNED_INIT                 policy<{'amd64': '-', 'arm64': '-', 'armhf': '-', 'ppc64el': 'n', 's390x': '-'}>
-CONFIG_IMA_ARCH_POLICY                          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
+CONFIG_IMA_ARCH_POLICY                          policy<{'amd64': 'y', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'y', 's390x': 'n'}>
 CONFIG_IMA_APPRAISE_BOOTPARAM                   policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_APPRAISE_MODSIG                      policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_IMA_TRUSTED_KEYRING                      policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
@@ -13941,7 +13941,7 @@ CONFIG_IMA_BLACKLIST_KEYRING                    mark<ENFORCED> note<LP:1667490>
 CONFIG_IMA_LOAD_X509                            mark<ENFORCED> note<LP:1643652>
 CONFIG_IMA_X509_PATH                            mark<ENFORCED> note<LP:1643652>
 CONFIG_IMA_APPRAISE_SIGNED_INIT                 mark<ENFORCED> note<LP:1667490>
-CONFIG_IMA_ARCH_POLICY                          mark<ENFORCED> note<LP:1866909>
+CONFIG_IMA_ARCH_POLICY                          mark<ENFORCED> note<LP:1866909> note<LP:1972802>
 
 # Menu: Security options >> Enable different security models >> Integrity subsystem >> Integrity Measurement Architecture(IMA) >> Appraise integrity measurements >> IMA build time configured policy rules
 CONFIG_IMA_APPRAISE_BUILD_POLICY                policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
-- 
2.34.1

More information about the kernel-team mailing list