diff options
| author | Luca Boccassi <bluca@debian.org> | 2024-07-04 17:58:46 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-04 19:04:58 +0200 |
| commit | a79b6dc0706dd5fe76ec56b3308b402c133ead23 (patch) | |
| tree | 4e7c390e64156a685bdadeef8c0bb81ab48e803f /README | |
| parent | sysusers: handle NSS errors gracefully (diff) | |
| download | systemd-a79b6dc0706dd5fe76ec56b3308b402c133ead23.tar.xz systemd-a79b6dc0706dd5fe76ec56b3308b402c133ead23.zip | |
README: update requirements for signed dm-verity
The newest kconfig enabling DB-verified dm-verity images is queued
for 6.11:
https://patchwork.kernel.org/project/dm-devel/patch/20240617220037.594792-1-luca.boccassi@gmail.com/
Diffstat (limited to 'README')
| -rw-r--r-- | README | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -130,9 +130,10 @@ REQUIREMENTS: Required for signed Verity images support: CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG - Required to verify signed Verity images using keys enrolled in the MoK - (Machine-Owner Key) keyring: + Required to verify signed Verity images using keys enrolled in the MOK + (Machine-Owner Key) and DB UEFI certificate stores: CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING + CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING CONFIG_IMA_ARCH_POLICY CONFIG_INTEGRITY_MACHINE_KEYRING |