From 785f952324137f30848cbbb467b5924a9f64ffaa Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Thu, 2 Apr 2020 16:52:16 +1100
Subject: [PATCH 2/2] UBUNTU: [Config] Enable secure-boot lockdown for ppc64el

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 debian.master/config/annotations          | 3 ++-
 debian.master/config/config.common.ubuntu | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index e70e9f2705c2..0fbebb68f9f5 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -12466,6 +12466,7 @@ CONFIG_PPC_SUBPAGE_PROT                         policy<{'ppc64el': 'y'}>
 CONFIG_PPC_DENORMALISATION                      policy<{'ppc64el': 'y'}>
 CONFIG_EXTRA_TARGETS                            policy<{'ppc64el': '""'}>
 CONFIG_PPC_MEM_KEYS                             policy<{'ppc64el': 'n'}>
+CONFIG_PPC_SECURE_BOOT				policy<{'ppc64el': 'y'}>
 #
 CONFIG_FA_DUMP                                  note<LP:1415562>
 CONFIG_PPC_MEM_KEYS                             flag<REVIEW> note<LP:1776967>
@@ -12819,7 +12820,7 @@ CONFIG_SECURITY_SAFESETID                       mark<ENFORCED> note<LP:#1845391>
 # Menu: Security options >> Enable different security models >> Basic module for enforcing kernel lockdown
 CONFIG_SECURITY_LOCKDOWN_LSM                    policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY              policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
-CONFIG_LOCK_DOWN_IN_SECURE_BOOT                 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 's390x': 'y'}>
+CONFIG_LOCK_DOWN_IN_SECURE_BOOT                 policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ             policy<{'amd64': 'y', 'i386': 'y'}>
 #
 CONFIG_SECURITY_LOCKDOWN_LSM                    mark<ENFORCED>
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 19530e384f53..c7a1b38bb742 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -7467,6 +7467,7 @@ CONFIG_PPC_RTAS=y
 CONFIG_PPC_RTAS_DAEMON=y
 CONFIG_PPC_SMLPAR=y
 CONFIG_PPC_SMP_MUXED_IPI=y
+CONFIG_PPC_SECURE_BOOT=y
 CONFIG_PPC_SPLPAR=y
 CONFIG_PPC_SUBPAGE_PROT=y
 CONFIG_PPC_SVM=y
-- 
2.20.1