------- Comment From mranw...@us.ibm.com 2020-04-01 18:31 EDT------- Thank you for spinning that so quickly. We neglected to request these config options get turned on: CONFIG_PPC_SECURE_BOOT=y CONFIG_PPC_SECVAR_SYSFS=y CONFIG_LOAD_PPC_KEYS=y CONFIG_IMA_READ_POLICY=y CONFIG_IMA_ARCH_POLICY=y
We did enable those and rebuilt the kernel and that seems to allow the basics to work (ie, policies are there). We'll do some more testing on it. The signing key - our systems don't have same chain of trust and the key needs to be added to the firmware. Can you direct us to that, please? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1866909 Title: Ubuntu Kernel Support for OpenPOWER NV Secure & Trusted Boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1866909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs