From: Luca Boccassi <bluca@debian.org>
Date: Thu, 4 Jul 2024 15:58:46 +0000 (+0100)
Subject: README: update requirements for signed dm-verity
X-Git-Tag: v257-rc1~964
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a79b6dc0706dd5fe76ec56b3308b402c133ead23;p=thirdparty%2Fsystemd.git

README: update requirements for signed dm-verity

The newest kconfig enabling DB-verified dm-verity images is queued
for 6.11:

https://patchwork.kernel.org/project/dm-devel/patch/20240617220037.594792-1-luca.boccassi@gmail.com/
---

diff --git a/README b/README
index f8f130e0159..7c7bbaf0701 100644
--- a/README
+++ b/README
@@ -130,9 +130,10 @@ REQUIREMENTS:
 
         Required for signed Verity images support:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG
-        Required to verify signed Verity images using keys enrolled in the MoK
-        (Machine-Owner Key) keyring:
+        Required to verify signed Verity images using keys enrolled in the MOK
+        (Machine-Owner Key) and DB UEFI certificate stores:
           CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
+          CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING
           CONFIG_IMA_ARCH_POLICY
           CONFIG_INTEGRITY_MACHINE_KEYRING