diff options
| author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-11-11 11:24:30 -0500 |
|---|---|---|
| committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-11-11 11:25:55 -0500 |
| commit | f70c487fdb567cdd650d03d0f3eaa82d2480a267 (patch) | |
| tree | 26fc932ce298ffd79d9579288689e2b1ab9bb730 /MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch | |
| parent | e208283f33477c6ad3719ea0c13a400828a25fbe (diff) | |
| download | kernel-f70c487fdb567cdd650d03d0f3eaa82d2480a267.tar.gz kernel-f70c487fdb567cdd650d03d0f3eaa82d2480a267.tar.xz kernel-f70c487fdb567cdd650d03d0f3eaa82d2480a267.zip | |
Linux v4.3
Diffstat (limited to 'MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch')
| -rw-r--r-- | MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch index b136acaf0..8a484b6d8 100644 --- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch +++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch @@ -1,3 +1,4 @@ +From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001 From: Josh Boyer <jwboyer@fedoraproject.org> Date: Fri, 26 Oct 2012 12:42:16 -0400 Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot @@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> create mode 100644 kernel/modsign_uefi.c diff --git a/include/linux/efi.h b/include/linux/efi.h -index 706b16fa6de8..470e8dfcb517 100644 +index 85ef051ac6fb..a042b2ece788 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void); - #define EFI_CERT_X509_GUID \ - EFI_GUID( 0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 ) +@@ -600,6 +600,12 @@ typedef struct { + u64 table; + } efi_config_table_64_t; +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + EFI_GUID( 0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f ) @@ -40,12 +41,12 @@ index 706b16fa6de8..470e8dfcb517 100644 + typedef struct { efi_guid_t guid; - u64 table; + u32 table; diff --git a/init/Kconfig b/init/Kconfig -index eca8ab59ae7f..9a782b02e4d5 100644 +index 02da9f1fd9df..90c73a0564b1 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1888,6 +1888,15 @@ config MODULE_SIG_ALL +@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -62,26 +63,26 @@ index eca8ab59ae7f..9a782b02e4d5 100644 prompt "Which hash algorithm should modules be signed with?" depends on MODULE_SIG diff --git a/kernel/Makefile b/kernel/Makefile -index 1408b3353a3c..8a3be67a3a15 100644 +index d4988410b410..55e886239e7e 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o - obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o +@@ -47,6 +47,7 @@ endif + obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o +obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o - obj-$(CONFIG_KEXEC) += kexec.o -@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o + obj-$(CONFIG_KEXEC_CORE) += kexec_core.o +@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o - $(obj)/configs.o: $(obj)/config_data.h + obj-$(CONFIG_HAS_IOMEM) += memremap.o +$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar + + $(obj)/configs.o: $(obj)/config_data.h + # config_data.h contains the same information as ikconfig.h but gzipped. - # Info from config_data can be extracted from /proc/config* - targets += config_data.gz diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c new file mode 100644 index 000000000000..94b0eb38a284 @@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284 + return rc; +} +late_initcall(load_uefi_certs); +-- +2.4.3 + |