Afaict the ppc ima arch policy is about ensuring that signature verification is done for module loading and kexec, which in our kernel will be enforced by automatically turning on lockdown integrity mode under secure boot. So my conclusion is that CONFIG_MODULE_SIG_FORCE should stay off and CONFIG_IMA_ARCH_POLICY should be disabled.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs