diff options
-rw-r--r-- | README | 5 | ||||
-rwxr-xr-x | mkosi.build | 4 |
2 files changed, 9 insertions, 0 deletions
@@ -128,6 +128,11 @@ REQUIREMENTS: Required for signed Verity images support: CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG + Required to verify signed Verity images using keys enrolled in the MoK + (Machine-Owner Key) keyring: + CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING + CONFIG_IMA_ARCH_POLICY + CONFIG_INTEGRITY_MACHINE_KEYRING Required for RestrictFileSystems= in service units: CONFIG_BPF diff --git a/mkosi.build b/mkosi.build index cbf82811cf..70721a88a3 100755 --- a/mkosi.build +++ b/mkosi.build @@ -307,6 +307,10 @@ if [ -d mkosi.kernel/ ]; then --enable MEMCG \ --enable MEMCG_SWAP \ --enable MEMCG_KMEM \ + --enable IMA_ARCH_POLICY \ + --enable DM_VERITY_VERIFY_ROOTHASH_SIG \ + --enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING \ + --enable INTEGRITY_MACHINE_KEYRING \ --enable NETFILTER_ADVANCED \ --enable NF_CONNTRACK_MARK |