diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2020-04-26 21:15:20 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2020-04-26 21:15:20 -0500 |
| commit | 6c2cc50051831fa502a8b082a312ca90e7039f3f (patch) | |
| tree | bb474cc356d09fb7963eadaeb127a00f7fed6531 /0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch | |
| parent | d1b6f8c7af0eb9a0a44b2d4723e58dde5eafa236 (diff) | |
| download | kernel-6c2cc50051831fa502a8b082a312ca90e7039f3f.tar.gz kernel-6c2cc50051831fa502a8b082a312ca90e7039f3f.tar.xz kernel-6c2cc50051831fa502a8b082a312ca90e7039f3f.zip | |
kernel-5.7.0-0.rc3.1
* Sun Apr 26 2020 CKI@GitLab <cki-project@redhat.com> [5.7.0-0.rc3.1]
- v5.7-rc3 rebase
- Add cec to the filter overrides ("Justin M. Forbes")
- Add overrides to filter-modules.sh ("Justin M. Forbes")
- Adjust the changelog update script to not push anything (Jeremy Cline)
- Drop --target noarch from the rh-rpms make target (Jeremy Cline)
Resolves: rhbz#
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to '0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch')
| -rw-r--r-- | 0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch b/0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch index 792e1880c..cf1af7933 100644 --- a/0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch +++ b/0001-s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch @@ -1,4 +1,4 @@ -From 74b1d77af819053398b9b5adde9b49d7481339af Mon Sep 17 00:00:00 2001 +From 003d5b374f354ccb30daeb580188e1f4c5cf16bc Mon Sep 17 00:00:00 2001 From: Jeremy Cline <jcline@redhat.com> Date: Wed, 30 Oct 2019 14:37:49 +0000 Subject: [PATCH] s390: Lock down the kernel when the IPL secure flag is set @@ -24,7 +24,7 @@ index b63bd66404b8..3482d9602e68 100644 int ipl_report_add_certificate(struct ipl_report *report, void *key, unsigned long addr, unsigned long len); +bool ipl_get_secureboot(void); - + /* * DIAG 308 support diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c @@ -33,7 +33,7 @@ index 4a71061974fd..9baf0b570c3d 100644 +++ b/arch/s390/kernel/ipl.c @@ -1901,3 +1901,8 @@ int ipl_report_free(struct ipl_report *report) } - + #endif + +bool ipl_get_secureboot(void) @@ -49,13 +49,13 @@ index 36445dd40fdb..b338a050c5aa 100644 #include <linux/compat.h> #include <linux/start_kernel.h> +#include <linux/security.h> - + #include <asm/boot_data.h> #include <asm/ipl.h> @@ -1093,6 +1094,9 @@ void __init setup_arch(char **cmdline_p) - + log_component_list(); - + + if (ipl_get_secureboot()) + security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); + @@ -63,5 +63,5 @@ index 36445dd40fdb..b338a050c5aa 100644 /* boot_command_line has been already set up in early.c */ *cmdline_p = boot_command_line; -- -2.26.0 +2.26.2 |