------- Comment From <email address hidden> 2020-04-01 18:31 EDT-------
Thank you for spinning that so quickly. We neglected to request these config options get turned on:
CONFIG_PPC_SECURE_BOOT=y
CONFIG_PPC_SECVAR_SYSFS=y
CONFIG_LOAD_PPC_KEYS=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_ARCH_POLICY=y
We did enable those and rebuilt the kernel and that seems to allow the basics to work (ie, policies are there). We'll do some more testing on it.
The signing key - our systems don't have same chain of trust and the key needs to be added to the firmware. Can you direct us to that, please?
------- Comment From <email address hidden> 2020-04-01 18:31 EDT------- PPC_SECURE_ BOOT=y PPC_SECVAR_ SYSFS=y LOAD_PPC_ KEYS=y IMA_READ_ POLICY= y IMA_ARCH_ POLICY= y
Thank you for spinning that so quickly. We neglected to request these config options get turned on:
CONFIG_
CONFIG_
CONFIG_
CONFIG_
CONFIG_
We did enable those and rebuilt the kernel and that seems to allow the basics to work (ie, policies are there). We'll do some more testing on it.
The signing key - our systems don't have same chain of trust and the key needs to be added to the firmware. Can you direct us to that, please?