diff --git a/config/arm64/vanilla b/config/arm64/vanilla
index 6dd1e3d..2730dfd 100644
--- a/config/arm64/vanilla
+++ b/config/arm64/vanilla
@@ -12281,6 +12281,7 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
@@ -12307,7 +12308,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 # CONFIG_IMA_WRITE_POLICY is not set
 CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_APPRAISE_MODSIG=y
@@ -12317,7 +12318,7 @@ CONFIG_IMA_TRUSTED_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
 CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y
diff --git a/config/armv6hl/vanilla b/config/armv6hl/vanilla
index 8bddc7d..79964e9 100644
--- a/config/armv6hl/vanilla
+++ b/config/armv6hl/vanilla
@@ -8365,6 +8365,7 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
diff --git a/config/armv7hl/vanilla b/config/armv7hl/vanilla
index 59f94ba..c78f65d 100644
--- a/config/armv7hl/vanilla
+++ b/config/armv7hl/vanilla
@@ -11833,6 +11833,7 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
diff --git a/config/riscv64/vanilla b/config/riscv64/vanilla
index 50356ce..fa00fad 100644
--- a/config/riscv64/vanilla
+++ b/config/riscv64/vanilla
@@ -9368,6 +9368,7 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
diff --git a/config/x86_64/vanilla b/config/x86_64/vanilla
index 1eae7c0..2f574c4 100644
--- a/config/x86_64/vanilla
+++ b/config/x86_64/vanilla
@@ -10335,6 +10335,7 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_SECURITY_SAFESETID is not set
 CONFIG_SECURITY_LOCKDOWN_LSM=y
 CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
 # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
@@ -10362,7 +10363,7 @@ CONFIG_IMA_DEFAULT_HASH="sha256"
 # CONFIG_IMA_WRITE_POLICY is not set
 CONFIG_IMA_READ_POLICY=y
 CONFIG_IMA_APPRAISE=y
-# CONFIG_IMA_ARCH_POLICY is not set
+CONFIG_IMA_ARCH_POLICY=y
 # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
 CONFIG_IMA_APPRAISE_BOOTPARAM=y
 CONFIG_IMA_APPRAISE_MODSIG=y
@@ -10372,7 +10373,7 @@ CONFIG_IMA_TRUSTED_KEYRING=y
 # CONFIG_IMA_LOAD_X509 is not set
 CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
 CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
-# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 # CONFIG_IMA_DISABLE_HTABLE is not set
 CONFIG_EVM=y
 CONFIG_EVM_ATTR_FSUUID=y