Comment 0 for bug 2019040

Luca Boccassi (bluca) wrote : linux-kvm: please enable dm-verity kconfigs

The kvm flavours currently do not enable dm-verity. This stops us from using integrity-protected and verified images in VMs using this kernel flavour.

Please consider enabling the following kconfigs:

CONFIG_DM_VERITY
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
CONFIG_IMA_ARCH_POLICY

(The latter is needed to ensure that MoK keys can be used to verify dm-verity images too, via the machine keyring linked to the secondary keyring)

These are already enabled in the 'main' kernel config, and in other distros.

As a specific and explicit use case, in the systemd project we want to test functionality provided by systemd that needs these kconfigs on Ubuntu machines running the kvm flavour kernel.
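
A quick way to confirm whether a given kernel build has the four options requested in this report, as an added example that is not part of the original comment. The function names and the sample config are constructed for illustration; on a running system the config is assumed to be at `/boot/config-$(uname -r)`.

```shell
# Added example: report the state of the kconfigs requested in this bug.
# Usage as a script: sh check.sh /boot/config-$(uname -r)
REQUIRED_KCONFIGS="CONFIG_DM_VERITY
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
CONFIG_IMA_ARCH_POLICY"

# Constructed sample resembling a config with dm-verity only partly enabled.
sample_kvm_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_DM=y
CONFIG_DM_VERITY=m
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING is not set
CONFIG_DM_VERITY_FEC=y
EOF
}

# Print y, m or unset for option $2 in config file $1.
kconfig_state() {
    # Match "NAME=" at line start: a plain grep for CONFIG_DM_VERITY would
    # also hit CONFIG_DM_VERITY_FEC and "# ... is not set" comment lines.
    val=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    case "$val" in
        y|m) printf '%s\n' "$val" ;;
        *)   printf 'unset\n' ;;
    esac
}

# Print one line per required option; return the number not enabled.
check_verity_kconfig() {
    missing=0
    for opt in $REQUIRED_KCONFIGS; do
        state=$(kconfig_state "$1" "$opt")
        printf '%-56s %s\n' "$opt" "$state"
        if [ "$state" = unset ]; then
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

if [ "$#" -gt 0 ]; then
    check_verity_kconfig "$1" || echo "$? required option(s) not enabled"
fi
```
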