Rebase the kernel lockdown patch set

Use the latest version of the kernel lockdown patch set. This includes a few configuration renames: CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the "kexec_file: Restrict at runtime if the kernel is locked down" patch enforces the signature requirement when the kernel is locked down. CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for EFI Secure Boot users. Finally, the SysRq patches got dropped for the present.
author: Jeremy Cline <jcline@redhat.com> 2019-04-15 11:10:59 -0400
committer: Jeremy Cline <jcline@redhat.com> 2019-04-15 12:15:16 -0400
commit: 4b5e4234be6539e237a2eaf36decf1b4b41fdc22 (patch)
tree: 8ba72fb6d4ddd5378b105c67f1ac3c98cab75cce /configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
parent: 8495ba147ba20dc6887c9ec33285166c9a5915f7 (diff)
download: kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.tar.gz
kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.tar.xz
kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
new file mode 100644
index 000000000..21d707af1
--- /dev/null
+++ b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
@@ -0,0 +1 @@
+# CONFIG_KEXEC_SIG_FORCE is not set
author	Jeremy Cline <jcline@redhat.com>	2019-04-15 11:10:59 -0400
committer	Jeremy Cline <jcline@redhat.com>	2019-04-15 12:15:16 -0400
commit	4b5e4234be6539e237a2eaf36decf1b4b41fdc22 (patch)
tree	8ba72fb6d4ddd5378b105c67f1ac3c98cab75cce /configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
parent	8495ba147ba20dc6887c9ec33285166c9a5915f7 (diff)
download	kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.tar.gz kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.tar.xz kernel-4b5e4234be6539e237a2eaf36decf1b4b41fdc22.zip