Andrew Donnellan <a...@linux.ibm.com> writes: > On Fri, 2023-04-14 at 23:23 +1000, Michael Ellerman wrote: >> Add the numerous options required to get secure boot enabled. >> >> Signed-off-by: Michael Ellerman <m...@ellerman.id.au> >> --- >> arch/powerpc/configs/ppc64_defconfig | 17 ++++++++++++++++- >> 1 file changed, 16 insertions(+), 1 deletion(-) >> >> diff --git a/arch/powerpc/configs/ppc64_defconfig >> b/arch/powerpc/configs/ppc64_defconfig >> index d98fe52a5892..f185adc128db 100644 >> --- a/arch/powerpc/configs/ppc64_defconfig >> +++ b/arch/powerpc/configs/ppc64_defconfig >> @@ -54,6 +54,7 @@ CONFIG_CRASH_DUMP=y >> CONFIG_FA_DUMP=y >> CONFIG_IRQ_ALL_CPUS=y >> CONFIG_SCHED_SMT=y >> +CONFIG_PPC_SECURE_BOOT=y > > Can we add CONFIG_PPC_SECVAR_SYSFS=y as well?
We can. But would it make more sense to just make PPC_SECVAR_SYSFS a hidden symbol? Is there really any reason someone would want to turn it off? cheers
