| Message ID | 20210920204355.71311-1-dimitri.ledkov@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,I/riscv] UBUNTU: [Config] enable built-in revocation certificates | expand |
On 20.09.21 22:43, Dimitri John Ledkov wrote: > Enable built-in revocation certificates to pass required boot test. > > Despite do_enforce_all = true, configs of the master kernel are not > being enforced on the riscv flavour. Maybe this is because the master > kernel doesn't have full riscv64 support and configs at all. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> We are missing a BugLink but I guess for the devel kernels this is not enforced so it should be fine. Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Thanks > --- > debian.riscv/config/config.common.ubuntu | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/debian.riscv/config/config.common.ubuntu b/debian.riscv/config/config.common.ubuntu > index 677cf5ffa0..9ce169901c 100644 > --- a/debian.riscv/config/config.common.ubuntu > +++ b/debian.riscv/config/config.common.ubuntu > @@ -6961,7 +6961,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y > CONFIG_SYSTEM_DATA_VERIFICATION=y > CONFIG_SYSTEM_EXTRA_CERTIFICATE=y > CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 > -CONFIG_SYSTEM_REVOCATION_KEYS="" > +CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem" > CONFIG_SYSTEM_REVOCATION_LIST=y > CONFIG_SYSTEM_TRUSTED_KEYRING=y > CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem" >
On Mon, Sep 20, 2021 at 09:43:55PM +0100, Dimitri John Ledkov wrote: > Enable built-in revocation certificates to pass required boot test. > > Despite do_enforce_all = true, configs of the master kernel are not > being enforced on the riscv flavour. Maybe this is because the master > kernel doesn't have full riscv64 support and configs at all. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Applied to impish/linux-riscv. Thanks! -Andrea
diff --git a/debian.riscv/config/config.common.ubuntu b/debian.riscv/config/config.common.ubuntu index 677cf5ffa0..9ce169901c 100644 --- a/debian.riscv/config/config.common.ubuntu +++ b/debian.riscv/config/config.common.ubuntu @@ -6961,7 +6961,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_DATA_VERIFICATION=y CONFIG_SYSTEM_EXTRA_CERTIFICATE=y CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 -CONFIG_SYSTEM_REVOCATION_KEYS="" +CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem" CONFIG_SYSTEM_REVOCATION_LIST=y CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
Enable built-in revocation certificates to pass required boot test. Despite do_enforce_all = true, configs of the master kernel are not being enforced on the riscv flavour. Maybe this is because the master kernel doesn't have full riscv64 support and configs at all. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian.riscv/config/config.common.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)