Bug 57166

Summary: Consider to add IPE support for 6.12 and later kernels
Product: Sisyphus Reporter: Constantin <constacalm>
Component: kernel-image-6.12Assignee: kernelbot <kernelbot>
Status: NEW --- QA Contact: qa-sisyphus
Severity: enhancement    
Priority: P5 CC: kernelbot, placeholder
Version: unstable   
Hardware: x86_64   
OS: Linux   

Description Constantin 2025-12-08 15:33:39 MSK 
Consider to add IPE support for 6.12 and later kernels (if possible) and relevant options -- in case of obtainig IPE via LSM support, for example, i.e.:

CONFIG_SECURITY_IPE=y
CONFIG_IPE_BOOT_POLICY=""
CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y
CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y
CONFIG_IPE_PROP_DM_VERITY=y
CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y
CONFIG_IPE_PROP_FS_VERITY=y
CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y

More about IPE here:

https://docs.kernel.org/security/ipe.html

https://docs.kernel.org/admin-guide/LSM/ipe.html