From 4264f8b011b818be97a3b67627efb5ee86c938c2 Mon Sep 17 00:00:00 2001
From: Lee, Chun-Yi <jlee@suse.com>
Date: Jun 02 2023 09:47:00 +0000
Subject: Revert "Revert "Update config files." (bsc#1211166)"


This reverts commit 944713a45f59680c926e1a4d51798970f8af1767.

Let's enable kernel lockdown function in master branch again.
This time we will test with NVIDIA KMP.

---

diff --git a/config/arm64/vanilla b/config/arm64/vanilla
index 6dd1e3d..f1973ef 100644
--- a/config/arm64/vanilla
+++ b/config/arm64/vanilla
@@ -12307,7 +12307,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 # CONFIG_IMA_WRITE_POLICY is not set
 CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_APPRAISE_MODSIG=y
@@ -12317,7 +12317,7 @@ CONFIG_IMA_TRUSTED_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
 CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
diff --git a/config/x86_64/vanilla b/config/x86_64/vanilla
index 2969a21..7c54ed9 100644
--- a/config/x86_64/vanilla
+++ b/config/x86_64/vanilla
@@ -10362,7 +10362,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 # CONFIG_IMA_WRITE_POLICY is not set
 CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_APPRAISE_MODSIG=y
@@ -10372,7 +10372,7 @@ CONFIG_IMA_TRUSTED_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
 CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y