]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc9938d)
README: update requirements for signed dm-verity
authorLuca Boccassi <bluca@debian.org>
Thu, 4 Jul 2024 15:58:46 +0000 (16:58 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 4 Jul 2024 17:04:58 +0000 (19:04 +0200)
The newest kconfig enabling DB-verified dm-verity images is queued
for 6.11:

https://patchwork.kernel.org/project/dm-devel/patch/20240617220037.594792-1-luca.boccassi@gmail.com/

README patch | blob | blame | history

diff --git a/README b/README
index f8f130e015981f1bb477d38ef1e927af02f19235..7c7bbaf0701517b977ed73648d9e85b337935fb7 100644 (file)
--- a/README
+++ b/README
@@ -130,9 +130,10 @@ REQUIREMENTS:
 
         Required for signed Verity images support:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
-        Required to verify signed Verity images using keys enrolled in the MoK
-        (Machine-Owner Key) keyring:
+        Required to verify signed Verity images using keys enrolled in the MOK
+        (Machine-Owner Key) and DB UEFI certificate stores:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
+          CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING
           CONFIG_IMA_ARCH_POLICY
           CONFIG_INTEGRITY_MACHINE_KEYRING
 
Unnamed repository; edit this file 'description' to name the repository.