[Impact]
Mok keys is not trusted after kernel 5.17
[Fix]
Enable the CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY for fixing the patch
"[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on and load the kernel module by either modprobe or insmod.
[Regression Risk]
Low. only affect the checking secureboot enable function.
[Impact]
Mok keys is not trusted after kernel 5.17
[Fix] IMA_SECURE_ AND_OR_ TRUSTED_ BOOT and CONFIG_ IMA_ARCH_ POLICY for fixing the patch
Enable the CONFIG_
"[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key
[Test]
Enroll Mok key and use it to sign kernel modules, make sure secure boot is on and load the kernel module by either modprobe or insmod.
[Regression Risk]
Low. only affect the checking secureboot enable function.