[MANTIC][PATCH] UBUNTU: [Config] Default module signing algo should be accelerated

Mon Sep 4 16:02:54 UTC 2023

Default module signing algo should be accelerated. This is to ensure
the most optimal boot speed of lockedown systems that enforce kernel
module signature verification. Usually the accelerated version of
sha512 is loaded, but possibly much later during the boot.

BugLink: https://bugs.launchpad.net/bugs/2034061

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
 debian.master/config/annotations | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 60be644b2e..ef9dc2ba82 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -117,6 +117,21 @@ CONFIG_CRASH_DUMP                               note<'LP: #1363180'>
 CONFIG_CRYPTO_SHA512                            policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_SHA512                            note<'module signing'>
 
+CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM                        note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM64                      note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'y'}>
+CONFIG_CRYPTO_SHA512_ARM64_CE                   note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'y'}>
+CONFIG_CRYPTO_SHA512_S390                       note<'LP: #2034061'>
+
+CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'y'}>
+CONFIG_CRYPTO_SHA512_SSSE3                      note<'LP: #2034061'>
+
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE          note<'Obsolete w/ no known userspace dependencies'>
 
@@ -3481,11 +3496,6 @@ CONFIG_CRYPTO_SHA3                              policy<{'amd64': 'y', 'arm64': '
 CONFIG_CRYPTO_SHA3_256_S390                     policy<{'s390x': 'm'}>
 CONFIG_CRYPTO_SHA3_512_S390                     policy<{'s390x': 'm'}>
 CONFIG_CRYPTO_SHA3_ARM64                        policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM                        policy<{'armhf': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM64                      policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_ARM64_CE                   policy<{'arm64': 'm'}>
-CONFIG_CRYPTO_SHA512_S390                       policy<{'s390x': 'm'}>
-CONFIG_CRYPTO_SHA512_SSSE3                      policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_SIG2                              policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_SIMD                              policy<{'amd64': 'm', 'armhf': 'm'}>
 CONFIG_CRYPTO_SKCIPHER                          policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-- 
2.34.1


