File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -288,6 +288,17 @@ prepare() {
288288 scripts/config -e CACHY
289289 fi
290290
291+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
292+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
293+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
294+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
295+ # (copr-linux-cachyos commit a0407947). See #862.
296+ scripts/config -e CONFIG_IMA \
297+ -e CONFIG_IMA_APPRAISE \
298+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
299+ -e CONFIG_IMA_ARCH_POLICY \
300+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
301+
291302 # ## Selecting the CPU scheduler
292303 case " $_cpusched " in
293304 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -288,6 +288,17 @@ prepare() {
288288 scripts/config -e CACHY
289289 fi
290290
291+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
292+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
293+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
294+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
295+ # (copr-linux-cachyos commit a0407947). See #862.
296+ scripts/config -e CONFIG_IMA \
297+ -e CONFIG_IMA_APPRAISE \
298+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
299+ -e CONFIG_IMA_ARCH_POLICY \
300+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
301+
291302 # ## Selecting the CPU scheduler
292303 case " $_cpusched " in
293304 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -289,6 +289,17 @@ prepare() {
289289 scripts/config -e CACHY
290290 fi
291291
292+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
293+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
294+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
295+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
296+ # (copr-linux-cachyos commit a0407947). See #862.
297+ scripts/config -e CONFIG_IMA \
298+ -e CONFIG_IMA_APPRAISE \
299+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
300+ -e CONFIG_IMA_ARCH_POLICY \
301+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
302+
292303 # ## Selecting the CPU scheduler
293304 case " $_cpusched " in
294305 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -291,6 +291,17 @@ prepare() {
291291 scripts/config -e CACHY
292292 fi
293293
294+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
295+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
296+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
297+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
298+ # (copr-linux-cachyos commit a0407947). See #862.
299+ scripts/config -e CONFIG_IMA \
300+ -e CONFIG_IMA_APPRAISE \
301+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
302+ -e CONFIG_IMA_ARCH_POLICY \
303+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
304+
294305 # ## Selecting the CPU scheduler
295306 case " $_cpusched " in
296307 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -288,6 +288,17 @@ prepare() {
288288 scripts/config -e CACHY
289289 fi
290290
291+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
292+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
293+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
294+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
295+ # (copr-linux-cachyos commit a0407947). See #862.
296+ scripts/config -e CONFIG_IMA \
297+ -e CONFIG_IMA_APPRAISE \
298+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
299+ -e CONFIG_IMA_ARCH_POLICY \
300+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
301+
291302 # ## Selecting the CPU scheduler
292303 case " $_cpusched " in
293304 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -287,6 +287,17 @@ prepare() {
287287 scripts/config -e CACHY
288288 fi
289289
290+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
291+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
292+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
293+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
294+ # (copr-linux-cachyos commit a0407947). See #862.
295+ scripts/config -e CONFIG_IMA \
296+ -e CONFIG_IMA_APPRAISE \
297+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
298+ -e CONFIG_IMA_ARCH_POLICY \
299+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
300+
290301 # ## Selecting the CPU scheduler
291302 case " $_cpusched " in
292303 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -332,6 +332,17 @@ prepare() {
332332 scripts/config -e CACHY
333333 fi
334334
335+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
336+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
337+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
338+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
339+ # (copr-linux-cachyos commit a0407947). See #862.
340+ scripts/config -e CONFIG_IMA \
341+ -e CONFIG_IMA_APPRAISE \
342+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
343+ -e CONFIG_IMA_ARCH_POLICY \
344+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
345+
335346 # ## Selecting the CPU scheduler
336347 case " $_cpusched " in
337348 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -291,6 +291,17 @@ prepare() {
291291 scripts/config -e CACHY
292292 fi
293293
294+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
295+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
296+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
297+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
298+ # (copr-linux-cachyos commit a0407947). See #862.
299+ scripts/config -e CONFIG_IMA \
300+ -e CONFIG_IMA_APPRAISE \
301+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
302+ -e CONFIG_IMA_ARCH_POLICY \
303+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
304+
294305 # ## Selecting the CPU scheduler
295306 case " $_cpusched " in
296307 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -288,6 +288,17 @@ prepare() {
288288 scripts/config -e CACHY
289289 fi
290290
291+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
292+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
293+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
294+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
295+ # (copr-linux-cachyos commit a0407947). See #862.
296+ scripts/config -e CONFIG_IMA \
297+ -e CONFIG_IMA_APPRAISE \
298+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
299+ -e CONFIG_IMA_ARCH_POLICY \
300+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
301+
291302 # ## Selecting the CPU scheduler
292303 case " $_cpusched " in
293304 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
Original file line number Diff line number Diff line change @@ -328,6 +328,17 @@ prepare() {
328328 scripts/config -e CACHY
329329 fi
330330
331+ # ## Enable Secure Boot support (load MOK keys into the .machine keyring)
332+ # Without IMA, arch_ima_get_secureboot() is a stub returning false, so
333+ # load_uefi_certs() returns before load_moklist_certs() and MOK-signed
334+ # modules cannot load under Secure Boot. Mirrors the Fedora packaging
335+ # (copr-linux-cachyos commit a0407947). See #862.
336+ scripts/config -e CONFIG_IMA \
337+ -e CONFIG_IMA_APPRAISE \
338+ -e CONFIG_IMA_APPRAISE_BOOTPARAM \
339+ -e CONFIG_IMA_ARCH_POLICY \
340+ -e CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
341+
331342 # ## Selecting the CPU scheduler
332343 case " $_cpusched " in
333344 cachyos|bore|hardened) scripts/config -e SCHED_BORE;;
You can’t perform that action at this time.
0 commit comments