This bug is awaiting verification that the linux/6.2.0-25.25 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar' to 'verification-done-lunar'. If the problem still exists, change the tag 'verification-needed-lunar' to 'verification-failed-lunar'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-lunar-linux verification-needed-lunar -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/2019040 Title: linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images Status in linux package in Ubuntu: In Progress Status in linux-kvm package in Ubuntu: In Progress Status in linux-meta-azure package in Ubuntu: Invalid Status in linux-meta-kvm package in Ubuntu: Invalid Status in linux source package in Jammy: Fix Committed Status in linux-kvm source package in Jammy: In Progress Status in linux-meta-azure source package in Jammy: Invalid Status in linux-meta-kvm source package in Jammy: New Status in linux source package in Kinetic: Fix Committed Status in linux-kvm source package in Kinetic: In Progress Status in linux-meta-azure source package in Kinetic: Invalid Status in linux-meta-kvm source package in Kinetic: New Status in linux source package in Lunar: Fix Committed Status in linux-kvm source package in Lunar: In Progress Status in linux-meta-azure source package in Lunar: New Status in linux-meta-kvm source package in Lunar: New Status in linux source package in Mantic: In Progress Status in linux-kvm source package in Mantic: In Progress Status in linux-meta-azure source package in Mantic: Invalid Status in linux-meta-kvm source package in Mantic: Invalid Bug description: SRU Justification [Impact] The kvm flavours currently do not enable dm-verity. This stops us from using integrity protected and verified images in VMs using this kernel flavour. [Fix] Please consider enabling the following kconfigs: CONFIG_DM_VERITY CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING CONFIG_IMA_ARCH_POLICY (The latter is needed to ensure that MoK keys can be used to verify dm-verity images too, via the machine keyring linked to the secondary keyring) These are already enabled in the 'main' kernel config, and in other distros. As a specific and explicit use case, in the systemd project we want to test functionality provided by systemd that needs these kconfigs on Ubuntu machines running the kvm flavour kernel. [Regression Potential] MOK keys may not be correctly read. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019040/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
