summaryrefslogtreecommitdiffstats
path: root/Add-option-to-automatically-enforce-module-signature.patch
diff options
context:
space:
mode:
authorJosh Boyer <jwboyer@fedoraproject.org>2016-10-27 10:49:53 -0400
committerJosh Boyer <jwboyer@fedoraproject.org>2016-10-27 10:49:53 -0400
commitea38f2f9388111b2e0f202cae81c26629937dead (patch)
treeb6651dd350f764829e88c4d9da414ce0b895e8e4 /Add-option-to-automatically-enforce-module-signature.patch
parent793d04075c43db89f8925515999951df32179fe1 (diff)
downloadkernel-ea38f2f9388111b2e0f202cae81c26629937dead.tar.gz
kernel-ea38f2f9388111b2e0f202cae81c26629937dead.tar.xz
kernel-ea38f2f9388111b2e0f202cae81c26629937dead.zip
Refresh SB patchset to fix bisectability issue
Diffstat (limited to 'Add-option-to-automatically-enforce-module-signature.patch')
-rw-r--r--Add-option-to-automatically-enforce-module-signature.patch30
1 files changed, 15 insertions, 15 deletions
diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch
index aa1983377..ebabac62e 100644
--- a/Add-option-to-automatically-enforce-module-signature.patch
+++ b/Add-option-to-automatically-enforce-module-signature.patch
@@ -1,8 +1,8 @@
-From 0000dc9edd5997cc49b8893a9d5407f89dfa1307 Mon Sep 17 00:00:00 2001
+From 6b6203b92cfb457a0669a9c87a29b360405bffc6 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH] Add option to automatically enforce module signatures when in
- Secure Boot mode
+Subject: [PATCH 10/20] Add option to automatically enforce module signatures
+ when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
@@ -34,10 +34,10 @@ index 95a4d34af3fd..b8527c6b7646 100644
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
2D0/A00 ALL e820_map E820 memory map table
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0a7b885964ba..29b8ba9ae713 100644
+index bada636d1065..d666ef8b616c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -1776,6 +1776,17 @@ config EFI_MIXED
+@@ -1786,6 +1786,17 @@ config EFI_MIXED
If unsure, say N.
@@ -56,7 +56,7 @@ index 0a7b885964ba..29b8ba9ae713 100644
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 52fef606bc54..6b8b9a775b46 100644
+index cc69e37548db..ebc85c1eefd6 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -12,6 +12,7 @@
@@ -67,7 +67,7 @@ index 52fef606bc54..6b8b9a775b46 100644
#include "../string.h"
#include "eboot.h"
-@@ -571,6 +572,67 @@ free_handle:
+@@ -537,6 +538,67 @@ static void setup_efi_pci(struct boot_params *params)
efi_call_early(free_pool, pci_handle);
}
@@ -135,7 +135,7 @@ index 52fef606bc54..6b8b9a775b46 100644
static efi_status_t
setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
{
-@@ -1126,6 +1188,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1094,6 +1156,10 @@ struct boot_params *efi_main(struct efi_config *c,
else
setup_boot_services32(efi_early);
@@ -161,10 +161,10 @@ index c18ce67495fa..2b3e5427097b 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index c4e7b3991b60..bdb9881c7afd 100644
+index bbfbca5fea0c..d40e961753c9 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -1152,6 +1152,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@@ -178,10 +178,10 @@ index c4e7b3991b60..bdb9881c7afd 100644
* Parse the ACPI tables for possible boot-time SMP configuration.
*/
diff --git a/include/linux/module.h b/include/linux/module.h
-index 082298a09df1..38d0597f7615 100644
+index 05bd6c989a0c..32327704e18d 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
-@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -260,6 +260,12 @@ extern const typeof(name) __mod_##type##__##name##_device_table \
struct notifier_block;
@@ -195,10 +195,10 @@ index 082298a09df1..38d0597f7615 100644
extern int modules_disabled; /* for sysctl */
diff --git a/kernel/module.c b/kernel/module.c
-index 3c384968f553..ea484f3a35b2 100644
+index cb864505d020..cb1f1da69bf4 100644
--- a/kernel/module.c
+++ b/kernel/module.c
-@@ -4200,6 +4200,13 @@ void module_layout(struct module *mod,
+@@ -4285,6 +4285,13 @@ void module_layout(struct module *mod,
EXPORT_SYMBOL(module_layout);
#endif
@@ -213,5 +213,5 @@ index 3c384968f553..ea484f3a35b2 100644
{
#ifdef CONFIG_MODULE_SIG
--
-2.5.5
+2.9.3