From 580c181df87a54a133f71f909cdfb97821e9fab2 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Wed, 4 Sep 2024 17:18:13 +0200
Subject: [PATCH] sys-kernel/coreos-modules: Enable lockdown when booted with secure boot

This is a requirement of the shim signing process.

Signed-off-by: Jeremi Piotrowski
---
 .../sys-kernel/coreos-modules/files/commonconfig-6.6 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
index 285289282d..80eaaeec69 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
@@ -422,6 +422,7 @@ CONFIG_LEDS_CLASS=y
 CONFIG_LIBFC=m
 CONFIG_LIBFCOE=m
 # CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 CONFIG_LOG_BUF_SHIFT=18
 CONFIG_LOOPBACK_TARGET=m
 CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor"
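Review bot: `CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT` is, as far as I know, not a mainline Kconfig symbol but one added by a downstream lockdown patch, so the added line only takes effect if the kernel sources this package builds carry that patch. Without it, kconfig drops the unknown option silently and the image boots without lockdown under Secure Boot. The hunk shows `lockdown` in the `CONFIG_LSM` context line but not `CONFIG_SECURITY_LOCKDOWN_LSM` or `CONFIG_SECURITY_LOCKDOWN_LSM_EARLY`, so please confirm both are set elsewhere in this file. Because the shim review depends on this behaviour, a build-time check that the final `.config` still contains `CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y` would catch a regression when the kernel patches are rebased. The commit message could also name the user-visible effect: presumably the kernel will refuse unsigned modules under Secure Boot, which matters for out-of-tree drivers.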