From: pbrobinson on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1284 NOTE: Truncated patchset due to missing public @redhat.com email address on your GitLab profile at https://gitlab.com/-/profile. Once that is fixed, close and reopen the merge request to retrigger sending the emails.
We want the TRUSTED_KEYS support built in everywhere, it's currently just built in for x86/power on ark. We need it built in for aarch64 as well, and it should be the same on Fedora.
Signed-off-by: Peter Robinson pbrobinson@redhat.com
--- redhat/configs/ark/generic/powerpc/CONFIG_TRUSTED_KEYS | 1 - redhat/configs/ark/generic/x86/x86_64/CONFIG_TRUSTED_KEYS | 1 - redhat/configs/ark/generic/CONFIG_TEE => redhat/configs/common/generic/CONFIG_TEE | 0 redhat/configs/common/generic/CONFIG_TRUSTED_KEYS | 2 +- redhat/configs/fedora/generic/arm/CONFIG_TEE | 1 - redhat/configs/fedora/generic/CONFIG_TEE | 1 - 6 files changed, 1 insertions(+), 5 deletions(-)
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1284#note_7466583...
Since it was set to allow maintainers to commit to the MR, I did the rebase.
From: Ondrej Mosnáček on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1284#note_7489807...
@jforbes Thanks! Could you also please add a mention to the second commit that it is needed because IMA uses trusted keys early in the boot process? That bit of information is still missing there.
kernel@lists.fedoraproject.org