------- Comment From mranw...@us.ibm.com 2020-04-03 12:45 EDT-------
We've been working with Mimi and I think that what we need now aren't config 
option changes, but this patch:

diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c
index e341162..c1ea55d 100644
--- a/arch/powerpc/kernel/ima_arch.c
+++ b/arch/powerpc/kernel/ima_arch.c
@@ -50,7 +50,7 @@ bool arch_ima_get_secureboot(void)
"measure func=KEXEC_KERNEL_CHECK template=ima-modsig",
"measure func=MODULE_CHECK template=ima-modsig",
"appraise func=KEXEC_KERNEL_CHECK appraise_flag=check_blacklist 
appraise_type=imasig|modsig",
-#ifndef CONFIG_MODULE_SIG_FORCE
+#ifndef CONFIG_MODULE_SIG
"appraise func=MODULE_CHECK appraise_flag=check_blacklist 
appraise_type=imasig|modsig",
#endif
NULL
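
Review bot: The new `#ifndef CONFIG_MODULE_SIG` guard drops the `appraise func=MODULE_CHECK` rule from the secure-boot policy whenever module signing is compiled in at all, where it was previously dropped only under CONFIG_MODULE_SIG_FORCE. Nothing in this hunk shows what makes module signature verification mandatory when CONFIG_MODULE_SIG is set without CONFIG_MODULE_SIG_FORCE, so in that configuration the only visible MODULE_CHECK rule is the `measure` one. Please state in the commit message, or in a comment above the `#ifndef`, which mechanism enforces module signatures under arch_ima_get_secureboot() in that case, or pair the change with one that forces enforcement when secure boot is on.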

We're going to test that, but it's similar to commit 8db5da0b8618 on the
x86 side.

It looks like the MODULE_SIG_FORCE/IMA_ARCH_POLICY change is the wrong
path right now.  But testing that, too. ;)

https://bugs.launchpad.net/bugs/1866909

Title:
  Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot

Status in The Ubuntu-power-systems project:
  Incomplete
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  == Comment: #0 - George C. Wilson <gcwil...@us.ibm.com> - 2020-02-25 18:40:44 ==
  - sysfs enablement: TBD
  - ima: arch specific policy support 6191706246de
  - platform keyring changes for powerpc: TBD
  - Appended signatures support for IMA appraisal: 39b07096364a42c516415d5f841069e885234e61
  - integrity: Define a trusted platform keyring: 9dc92c45177a
  - ima: Support platform keyring for kernel appraisal: d7cecb676dd3
  - TPM 2.0 Multibank extend support: c1f92b4b04ad
  - TPM 2.0 Eventlog support: 4d23cc323cdb
  - ima: carry the measurement list across kexec: d68a6fe9fccf
  - kexec_file_load system call support: 500c7ab1a9db
