** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019040
Title:
linux-*: please enable dm-verity kconfigs to allow MoK/db verified
root images
Status in linux package in Ubuntu:
New
Status in linux-meta-azure package in Ubuntu:
New
Status in linux-meta-kvm package in Ubuntu:
New
Bug description:
The kvm flavours currently do not enable dm-verity. This stops us from
using integrity protected and verified images in VMs using this kernel
flavour.
Please consider enabling the following kconfigs:
CONFIG_DM_VERITY
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
CONFIG_IMA_ARCH_POLICY
(The latter is needed to ensure that MoK keys can be used to verify
dm-verity images too, via the machine keyring linked to the secondary
keyring)
These are already enabled in the 'main' kernel config, and in other
distros.
As a specific and explicit use case, in the systemd project we want to
test functionality provided by systemd that needs these kconfigs on
Ubuntu machines running the kvm flavour kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp