From: Coiby Xu on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1442
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1994858 KEXEC_SIG needs to be enabled for aarch64 so the kernel image's signature can be verified when loading a kernel image via kexec with secureboot enabled. Since this option has already been enabled for x86 and s390x and POWER doesn't have this option, unify it to common/generic/CONFIG_KEXEC_SIG as suggested by Peter Robinson. CONFIG_KEXEC_IMAGE_VERIFY_SIG is also enabled so kernel image signature verification support could be enabled for aarch64. This option has already been enabled for Fedora. Signed-off-by: Coiby Xu <c...@redhat.com> --- redhat/configs/common/generic/s390x/zfcpdump/CONFIG_KEXEC_SIG | 1 - redhat/configs/common/generic/s390x/CONFIG_KEXEC_SIG | 1 - redhat/configs/common/generic/x86/CONFIG_KEXEC_SIG | 1 - redhat/configs/fedora/generic/CONFIG_KEXEC_IMAGE_VERIFY_SIG => redhat/configs/common/generic/CONFIG_KEXEC_IMAGE_VERIFY_SIG | 0 redhat/configs/common/generic/CONFIG_KEXEC_SIG | 2 +- redhat/configs/fedora/generic/arm/aarch64/CONFIG_KEXEC_SIG | 1 - redhat/configs/fedora/generic/s390x/CONFIG_KEXEC_SIG | 1 - redhat/configs/fedora/generic/x86/CONFIG_KEXEC_SIG | 1 - 8 files changed, 1 insertions(+), 7 deletions(-) _______________________________________________ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
