[SRU][F][PATCH 1/3] UBUNTU: [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
Chengen Du
chengen.du at canonical.com
Fri Aug 25 06:17:53 UTC 2023
This option enables support for kexec image signature verification,
allowing signed kernels to be loaded via the kexec_file_load system
call.
Signed-off-by: Chengen Du <chengen.du at canonical.com>
---
debian.master/config/annotations | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index e5731b2e3a9e..31caf0427389 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -12450,7 +12450,7 @@ CONFIG_ARM_MODULE_PLTS policy<{'armhf': 'n'}>
CONFIG_UACCESS_WITH_MEMCPY policy<{'armhf': 'n'}>
# Menu: Processor type and features >> Architecture: arm64
-CONFIG_KEXEC_IMAGE_VERIFY_SIG policy<{'arm64': 'n'}>
+CONFIG_KEXEC_IMAGE_VERIFY_SIG policy<{'arm64': 'y'}>
CONFIG_UNMAP_KERNEL_AT_EL0 policy<{'arm64': 'y'}>
CONFIG_HARDEN_EL2_VECTORS policy<{'arm64': 'y'}>
CONFIG_ARM64_SSBD policy<{'arm64': 'y'}>
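Review bot: the changed line `CONFIG_KEXEC_IMAGE_VERIFY_SIG policy<{'arm64': 'y'}>` flips the policy without recording why. The commit message says what the option does, but it carries no bug reference or SRU justification, and the hunk adds no note next to the entry. Please add the tracking bug to the commit message and a note on this entry so the reason for the change stays in the annotations file. The policy is set for arm64 only, while the message speaks of loading signed kernels via kexec_file_load in general, so the message should say the change is arm64-specific. These lines also do not show whether signature checking is enforced or merely available once the option is built in; it would help to say which, and to point to the patch in this series that sets any options this one depends on.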
@@ -12462,8 +12462,6 @@ CONFIG_ARM64_MODULE_PLTS policy<{'arm64': 'y'}>
CONFIG_ARM64_PSEUDO_NMI policy<{'arm64': 'y'}>
CONFIG_ARM64_DEBUG_PRIORITY_MASKING policy<{'arm64': 'n'}>
CONFIG_RANDOMIZE_MODULE_REGION_FULL policy<{'arm64': 'y'}>
-#
-CONFIG_KEXEC_IMAGE_VERIFY_SIG flag<REVIEW>
# Menu: Processor type and features >> Architecture: powerpc
CONFIG_PPC_TRANSACTIONAL_MEM policy<{'ppc64el': 'y'}>
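Review bot: the two removed lines, `#` and `CONFIG_KEXEC_IMAGE_VERIFY_SIG flag<REVIEW>`, clear the REVIEW flag, but neither the subject ("Enable ...") nor the commit message mentions this. Dropping the flag asserts that the review was completed, so the message should say so and give its outcome, for example that the option was checked on arm64 and `'y'` is the intended policy. Otherwise, keep the flag until that review is documented.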
--
2.39.2