------- Comment From mranw...@us.ibm.com 2020-04-01 18:31 EDT -------
Thank you for spinning that so quickly. We neglected to request these config options get turned on:

CONFIG_PPC_SECURE_BOOT=y
CONFIG_PPC_SECVAR_SYSFS=y
CONFIG_LOAD_PPC_KEYS=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_ARCH_POLICY=y

We did enable those and rebuilt the kernel and that seems to allow the basics to work (i.e., policies are there). We'll do some more testing on it.

The signing key - our systems don't have the same chain of trust and the key needs to be added to the firmware. Can you direct us to that, please?

https://bugs.launchpad.net/bugs/1866909

Title:
  Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot

Status in The Ubuntu-power-systems project:
  Incomplete
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  == Comment: #0 - George C. Wilson <gcwil...@us.ibm.com> - 2020-02-25 18:40:44 ==

  - sysfs enablement: TBD
  - ima: arch specific policy support 6191706246de
  - platform keyring changes for powerpc: TBD
  - Appended signatures support for IMA appraisal 39b07096364a42c516415d5f841069e885234e61
  - integrity: Define a trusted platform keyring: 9dc92c45177a
  - ima: Support platform keyring for kernel appraisal: d7cecb676dd3
  - TPM 2.0 Multibank extend support: c1f92b4b04ad
  - TPM 2.0 Eventlog support: 4d23cc323cdb
  - ima: carry the measurement list across kexec: d68a6fe9fccf
  - kexec_file_load system call support: 500c7ab1a9db