README: note Kconfig for verifying DDIs via MoK keys

Also note them in the mkosi.build kernel config list
author: Luca Boccassi <bluca@debian.org> 2022-11-12 02:07:13 +0100
committer: Luca Boccassi <bluca@debian.org> 2022-11-14 12:09:36 +0100
commit: a460debc8ea366c0c706de3b71e2c6ff56988791 (patch)
tree: 8bb24cca0d333100679d6f8a1654af66fe5a5915 /README
parent: README: use https on one more link (diff)
download: systemd-a460debc8ea366c0c706de3b71e2c6ff56988791.tar.xz
systemd-a460debc8ea366c0c706de3b71e2c6ff56988791.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/README b/README
index f6e92464c2..d8c279f9fa 100644
--- a/README
+++ b/README
@@ -128,6 +128,11 @@ REQUIREMENTS:
 
         Required for signed Verity images support:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
+        Required to verify signed Verity images using keys enrolled in the MoK
+        (Machine-Owner Key) keyring:
+          CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
+          CONFIG_IMA_ARCH_POLICY
+          CONFIG_INTEGRITY_MACHINE_KEYRING
 
         Required for RestrictFileSystems= in service units:
           CONFIG_BPF
author	Luca Boccassi <bluca@debian.org>	2022-11-12 02:07:13 +0100
committer	Luca Boccassi <bluca@debian.org>	2022-11-14 12:09:36 +0100
commit	a460debc8ea366c0c706de3b71e2c6ff56988791 (patch)
tree	8bb24cca0d333100679d6f8a1654af66fe5a5915 /README
parent	README: use https on one more link (diff)
download	systemd-a460debc8ea366c0c706de3b71e2c6ff56988791.tar.xz systemd-a460debc8ea366c0c706de3b71e2c6ff56988791.zip