authorThorsten Leemhuis <fedora@leemhuis.info>2018-01-10 10:10:18 +0100
committerThorsten Leemhuis <fedora@leemhuis.info>2018-01-10 10:10:18 +0100
commit356225950ba75358e6d8e9385961b85a9f3bfcbe (patch)
treea585afdf88e364f9807d53076171c6f5e022fa4b
parenta42464b29e6b7a693b982087795400eca4d895f4 (diff)
parentee57b120071be12b5fd9b188d9fe8505a371fa89 (diff)
Merge remote-tracking branch 'origin/f27' into f27-user-thl-vanilla-fedora
-rw-r--r--0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch109
-rw-r--r--0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch183
-rw-r--r--0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch38
-rw-r--r--baseconfig/CONFIG_RESET_ATTACK_MITIGATION2
-rw-r--r--kernel-aarch64-debug.config2
-rw-r--r--kernel-aarch64.config2
-rw-r--r--kernel-armv7hl-debug.config2
-rw-r--r--kernel-armv7hl-lpae-debug.config2
-rw-r--r--kernel-armv7hl-lpae.config2
-rw-r--r--kernel-armv7hl.config2
-rw-r--r--kernel-i686-PAE.config2
-rw-r--r--kernel-i686-PAEdebug.config2
-rw-r--r--kernel-i686-debug.config2
-rw-r--r--kernel-i686.config2
-rw-r--r--kernel-ppc64-debug.config2
-rw-r--r--kernel-ppc64.config2
-rw-r--r--kernel-ppc64le-debug.config2
-rw-r--r--kernel-ppc64le.config2
-rw-r--r--kernel-s390x-debug.config2
-rw-r--r--kernel-s390x.config2
-rw-r--r--kernel-x86_64-debug.config2
-rw-r--r--kernel-x86_64.config2
-rw-r--r--kernel.spec8
23 files changed, 357 insertions, 19 deletions
diff --git a/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
new file mode 100644
index 000000000..6e8a2e039
--- /dev/null
+++ b/0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
@@ -0,0 +1,109 @@
+From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:25:29 -0400
+Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that
+ aren't present.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 37 ++++++++++++++++++++++---------------
+ 1 file changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 3d884598601..9ef34c44fd1 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db(void)
+ /*
+ * Get a certificate list blob from the named EFI variable.
+ */
+-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+- unsigned long *size)
++static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
++ unsigned long *size, void **cert_list)
+ {
+ efi_status_t status;
+ unsigned long lsize = 4;
+@@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ void *db;
+
+ status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
++ if (status == EFI_NOT_FOUND) {
++ *size = 0;
++ *cert_list = NULL;
++ return 0;
++ }
++
+ if (status != EFI_BUFFER_TOO_SMALL) {
+ pr_err("Couldn't get size: 0x%lx\n", status);
+- return NULL;
++ return efi_status_to_err(status);
+ }
+
+ db = kmalloc(lsize, GFP_KERNEL);
+ if (!db) {
+ pr_err("Couldn't allocate memory for uefi cert list\n");
+- return NULL;
++ return -ENOMEM;
+ }
+
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+ pr_err("Error reading db var: 0x%lx\n", status);
+- return NULL;
++ return efi_status_to_err(status);
+ }
+
+ *size = lsize;
+- return db;
++ *cert_list = db;
++ return 0;
+ }
+
+ /*
+@@ -152,10 +159,10 @@ static int __init load_uefi_certs(void)
+ * an error if we can't get them.
+ */
+ if (!uefi_check_ignore_db()) {
+- db = get_cert_list(L"db", &secure_var, &dbsize);
+- if (!db) {
++ rc = get_cert_list(L"db", &secure_var, &dbsize, &db);
++ if (rc < 0) {
+ pr_err("MODSIGN: Couldn't get UEFI db list\n");
+- } else {
++ } else if (dbsize != 0) {
+ rc = parse_efi_signature_list("UEFI:db",
+ db, dbsize, get_handler_for_db);
+ if (rc)
+@@ -164,10 +171,10 @@ static int __init load_uefi_certs(void)
+ }
+ }
+
+- mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+- if (!mok) {
++ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok);
++ if (rc < 0) {
+ pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+- } else {
++ } else if (moksize != 0) {
+ rc = parse_efi_signature_list("UEFI:MokListRT",
+ mok, moksize, get_handler_for_db);
+ if (rc)
+@@ -175,10 +182,10 @@ static int __init load_uefi_certs(void)
+ kfree(mok);
+ }
+
+- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+- if (!dbx) {
++ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx);
++ if (rc < 0) {
+ pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+- } else {
++ } else if (dbxsize != 0) {
+ rc = parse_efi_signature_list("UEFI:dbx",
+ dbx, dbxsize,
+ get_handler_for_dbx);
+--
+2.15.0
+
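Review bot: In get_cert_list(), the `status != EFI_BUFFER_TOO_SMALL` branch returns `efi_status_to_err(status)`, which is 0 if the firmware answers the 4-byte probe with EFI_SUCCESS, and on that path neither `*size` nor `*cert_list` is written. The callers in load_uefi_certs() then test only `rc < 0` and the size, so they act on whatever those variables held before the call; their initialisers are outside the hunk, so this may or may not be benign. Because these blobs feed the db, MokListRT and dbx lists, I would clear the outputs on entry with `*size = 0; *cert_list = NULL;` and make that branch end with `return status == EFI_SUCCESS ? -EINVAL : efi_status_to_err(status);`. A short comment above the function should also state that a return of 0 with `*cert_list == NULL` means the variable is absent.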
diff --git a/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
new file mode 100644
index 000000000..0844550b6
--- /dev/null
+++ b/0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
@@ -0,0 +1,183 @@
+From c8218e9b3c38fcd36a2d06eec09952a0c6cee9e0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:22:13 -0400
+Subject: [PATCH 2/3] Add efi_status_to_str() and rework efi_status_to_err().
+
+This adds efi_status_to_str() for use when printing efi_status_t
+messages, and reworks efi_status_to_err() so that the two use a common
+list of errors.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/linux/efi.h | 3 ++
+ drivers/firmware/efi/efi.c | 122 ++++++++++++++++++++++++++++++++++-----------
+ 2 files changed, 95 insertions(+), 30 deletions(-)
+
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 18b16bf5ce1..436b3c93c3d 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -42,6 +42,8 @@
+ #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1)))
+ #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1)))
+
++#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1)))
++
+ typedef unsigned long efi_status_t;
+ typedef u8 efi_bool_t;
+ typedef u16 efi_char16_t; /* UNICODE character */
+@@ -1183,6 +1185,7 @@ static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+
+ extern int efi_status_to_err(efi_status_t status);
++extern const char *efi_status_to_str(efi_status_t status);
+
+ /*
+ * Variable Attributes
+diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
+index 557a47829d0..e8f9c7d84e9 100644
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -31,6 +31,7 @@
+ #include <linux/acpi.h>
+ #include <linux/ucs2_string.h>
+ #include <linux/memblock.h>
++#include <linux/bsearch.h>
+
+ #include <asm/early_ioremap.h>
+
+@@ -865,40 +866,101 @@ int efi_mem_type(unsigned long phys_addr)
+ }
+ #endif
+
++struct efi_error_code {
++ efi_status_t status;
++ int errno;
++ const char *description;
++};
++
++static const struct efi_error_code efi_error_codes[] = {
++ { EFI_SUCCESS, 0, "Success"},
++#if 0
++ { EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"},
++#endif
++ { EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"},
++ { EFI_UNSUPPORTED, -ENOSYS, "Unsupported"},
++ { EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"},
++ { EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"},
++ { EFI_NOT_READY, -EAGAIN, "Not Ready"},
++ { EFI_DEVICE_ERROR, -EIO, "Device Error"},
++ { EFI_WRITE_PROTECTED, -EROFS, "Write Protected"},
++ { EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"},
++#if 0
++ { EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"},
++ { EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"},
++ { EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"},
++ { EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"},
++#endif
++ { EFI_NOT_FOUND, -ENOENT, "Not Found"},
++#if 0
++ { EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"},
++ { EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"},
++ { EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"},
++ { EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"},
++ { EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"},
++ { EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"},
++#endif
++ { EFI_ABORTED, -EINTR, "Aborted"},
++#if 0
++ { EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"},
++ { EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"},
++ { EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"},
++ { EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"},
++#endif
++ { EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"},
++#if 0
++ { EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"},
++ { EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"},
++ { EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"},
++ { EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"},
++ { EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"},
++
++ // warnings
++ { EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"},
++ { EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"},
++ { EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"},
++ { EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"},
++#endif
++};
++
++static int
++efi_status_cmp_bsearch(const void *key, const void *item)
++{
++ u64 status = (u64)(uintptr_t)key;
++ struct efi_error_code *code = (struct efi_error_code *)item;
++
++ if (status < code->status)
++ return -1;
++ if (status > code->status)
++ return 1;
++ return 0;
++}
++
+ int efi_status_to_err(efi_status_t status)
+ {
+- int err;
++ struct efi_error_code *found;
++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
+
+- switch (status) {
+- case EFI_SUCCESS:
+- err = 0;
+- break;
+- case EFI_INVALID_PARAMETER:
+- err = -EINVAL;
+- break;
+- case EFI_OUT_OF_RESOURCES:
+- err = -ENOSPC;
+- break;
+- case EFI_DEVICE_ERROR:
+- err = -EIO;
+- break;
+- case EFI_WRITE_PROTECTED:
+- err = -EROFS;
+- break;
+- case EFI_SECURITY_VIOLATION:
+- err = -EACCES;
+- break;
+- case EFI_NOT_FOUND:
+- err = -ENOENT;
+- break;
+- case EFI_ABORTED:
+- err = -EINTR;
+- break;
+- default:
+- err = -EINVAL;
+- }
++ found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++ sizeof(struct efi_error_code), num,
++ efi_status_cmp_bsearch);
++ if (!found)
++ return -EINVAL;
++ return found->errno;
++}
+
+- return err;
++const char *
++efi_status_to_str(efi_status_t status)
++{
++ struct efi_error_code *found;
++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
++
++ found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++ sizeof(struct efi_error_code), num,
++ efi_status_cmp_bsearch);
++ if (!found)
++ return "Unknown error code";
++ return found->description;
+ }
+
+ bool efi_is_table_address(unsigned long phys_addr)
+--
+2.15.0
+
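Review bot: Both bsearch() calls, in efi_status_to_err() and in efi_status_to_str(), pass `sizeof(struct efi_error_code)` before `num`, whereas the kernel's bsearch() takes the element count first and the element size second. As written the lookup would walk the table with the wrong stride and count, so it can read past `efi_error_codes` or return the wrong errno or description; the call should read `bsearch((void *)(uintptr_t)status, efi_error_codes, num, sizeof(struct efi_error_code), efi_status_cmp_bsearch);`. The search also depends on the table staying sorted by status value, which deserves a comment above `efi_error_codes[]` such as `/* Must stay sorted by status: looked up with bsearch(). */`. Finally, `found` and `code` drop the `const` of the table and would be better declared as `const struct efi_error_code *`.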
diff --git a/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
new file mode 100644
index 000000000..abb313a29
--- /dev/null
+++ b/0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
@@ -0,0 +1,38 @@
+From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:18:30 -0400
+Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print
+ error messages.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 9ef34c44fd1..13a2826715d 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ }
+
+ if (status != EFI_BUFFER_TOO_SMALL) {
+- pr_err("Couldn't get size: 0x%lx\n", status);
++ pr_err("Couldn't get size: %s (0x%lx)\n",
++ efi_status_to_str(status), status);
+ return efi_status_to_err(status);
+ }
+
+@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ status = efi.get_variable(name, guid, NULL, &lsize, db);
+ if (status != EFI_SUCCESS) {
+ kfree(db);
+- pr_err("Error reading db var: 0x%lx\n", status);
++ pr_err("Error reading db var: %s (0x%lx)\n",
++ efi_status_to_str(status), status);
+ return efi_status_to_err(status);
+ }
+
+--
+2.15.0
+
diff --git a/baseconfig/CONFIG_RESET_ATTACK_MITIGATION b/baseconfig/CONFIG_RESET_ATTACK_MITIGATION
index 8202a7865..eea15dd52 100644
--- a/baseconfig/CONFIG_RESET_ATTACK_MITIGATION
+++ b/baseconfig/CONFIG_RESET_ATTACK_MITIGATION
@@ -1 +1 @@
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
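Review bot: The reason for switching off CONFIG_RESET_ATTACK_MITIGATION is recorded only as a bug number in the kernel.spec changelog. That is thin for a hardening option being disabled on every architecture; the per-arch kernel-*.config hunks that follow repeat this one change. I would extend the changelog entry to name the symptom and the condition for re-enabling, along the lines of `- Disable CONFIG_RESET_ATTACK_MITIGATION until <fix reference> lands (rhbz 1532058)`, where the placeholder is to be filled in by the author. If the option is only problematic on some platforms, which the page does not say, limiting the change to those configs would keep the mitigation elsewhere.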
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index fc9f75ce1..c381472f6 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -4410,7 +4410,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
CONFIG_RESET_HISI=y
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index f41d3ba9d..ff42b3e00 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -4388,7 +4388,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
CONFIG_RESET_HISI=y
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 7253b5e3a..5590ebaa8 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -4748,7 +4748,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
# CONFIG_RESET_HSDK_V1 is not set
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index 089ed17f6..a0c27a913 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -4456,7 +4456,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
# CONFIG_RESET_HSDK_V1 is not set
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index cfe6e8fd7..98b8b22c7 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -4434,7 +4434,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
# CONFIG_RESET_HSDK_V1 is not set
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 7a00bb8ef..517871776 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -4726,7 +4726,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_GPIO=y
# CONFIG_RESET_HSDK_V1 is not set
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index 1ad654068..e97358bc7 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -4153,7 +4153,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index d3982d08b..8f1731c4d 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -4174,7 +4174,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index efb5c21f9..6153a6538 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -4174,7 +4174,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-i686.config b/kernel-i686.config
index 56c331cd2..435ea7fde 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -4153,7 +4153,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index 0ac9d2ea9..89d5614e9 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -3985,7 +3985,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index 11d229128..57c9c2dc0 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -3962,7 +3962,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 0ddbf60bf..688b514ab 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -3924,7 +3924,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index afc203092..d65e528e1 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -3901,7 +3901,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index c4d5c0e41..9d4b47cf6 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -3817,7 +3817,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 5ea771b84..6959ed2d0 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -3794,7 +3794,7 @@ CONFIG_REISERFS_PROC_INFO=y
CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index 71fb4beb5..07efedd0e 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -4217,7 +4217,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 3e850d33c..cf7d6fbf5 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -4196,7 +4196,7 @@ CONFIG_RELAY=y
# CONFIG_RELOCATABLE_TEST is not set
CONFIG_RELOCATABLE=y
CONFIG_REMOTEPROC=m
-CONFIG_RESET_ATTACK_MITIGATION=y
+# CONFIG_RESET_ATTACK_MITIGATION is not set
# CONFIG_RESET_HSDK_V1 is not set
# CONFIG_RESET_TI_SYSCON is not set
# CONFIG_RFD_FTL is not set
diff --git a/kernel.spec b/kernel.spec
index d897f6c8e..d1c2c80cb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -588,6 +588,11 @@ Patch205: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
Patch206: MODSIGN-Support-not-importing-certs-from-db.patch
+# bz 1497559 - Make kernel MODSIGN code not error on missing variables
+Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
+Patch208: 0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch
+Patch209: 0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch
+
Patch210: disable-i8042-check-on-apple-mac.patch
Patch211: drm-i915-hush-check-crtc-state.patch
@@ -2248,6 +2253,9 @@ fi
#
#
%changelog
+* Mon Jan 08 2018 Laura Abbott <labbott@redhat.com>
+- Disable CONFIG_RESET_ATTACK_MITIGATION (rhbz 1532058)
+
* Fri Jan 05 2018 Laura Abbott <labbott@redhat.com>
- Copy module linker script (rhbz 1531182)