author: Jeremy Cline <jcline@redhat.com> 2019-04-15 11:10:59 -0400
committer: Jeremy Cline <jcline@redhat.com> 2019-04-15 12:15:16 -0400
commit: 4b5e4234be6539e237a2eaf36decf1b4b41fdc22
tree: 8ba72fb6d4ddd5378b105c67f1ac3c98cab75cce /configs
parent: 8495ba147ba20dc6887c9ec33285166c9a5915f7
Rebase the kernel lockdown patch set
Use the latest version of the kernel lockdown patch set. This includes a few configuration renames: CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the "kexec_file: Restrict at runtime if the kernel is locked down" patch enforces the signature requirement when the kernel is locked down. CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for EFI Secure Boot users. Finally, the SysRq patches got dropped for the present.
Diffstat (limited to 'configs')
-rw-r--r--  configs/fedora/generic/x86/CONFIG_KEXEC_SIG               1
-rw-r--r--  configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE         1
-rw-r--r--  configs/fedora/generic/x86/CONFIG_KEXEC_VERIFY_SIG        1
-rw-r--r--  configs/fedora/generic/x86/CONFIG_LOCK_DOWN_KERNEL_FORCE  1
-rw-r--r--  configs/fedora/generic/x86/CONFIG_LOCK_DOWN_MANDATORY     1
5 files changed, 3 insertions, 2 deletions
diff --git a/configs/fedora/generic/x86/CONFIG_KEXEC_SIG b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG
new file mode 100644
index 000000000..67b688658
--- /dev/null
+++ b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG
@@ -0,0 +1 @@
+CONFIG_KEXEC_SIG=y
diff --git a/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
new file mode 100644
index 000000000..21d707af1
--- /dev/null
+++ b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
@@ -0,0 +1 @@
+# CONFIG_KEXEC_SIG_FORCE is not set
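Review bot: With CONFIG_KEXEC_SIG_FORCE left unset on the added line, enforcement of the kexec signature requirement rests entirely on the runtime lockdown check named in the commit message, so a kernel that boots without lockdown active does not get that enforcement from the build configuration. That matches the stated intent, but the dependency is recorded only in the commit message. Consider documenting it alongside this option so that a later rebase which drops or reworks the "kexec_file: Restrict at runtime if the kernel is locked down" patch prompts a re-evaluation of this value.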
diff --git a/configs/fedora/generic/x86/CONFIG_KEXEC_VERIFY_SIG b/configs/fedora/generic/x86/CONFIG_KEXEC_VERIFY_SIG
deleted file mode 100644
index 5f39f1993..000000000
--- a/configs/fedora/generic/x86/CONFIG_KEXEC_VERIFY_SIG
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_KEXEC_VERIFY_SIG=y
diff --git a/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_KERNEL_FORCE b/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_KERNEL_FORCE
new file mode 100644
index 000000000..b6a333ecd
--- /dev/null
+++ b/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_KERNEL_FORCE
@@ -0,0 +1 @@
+# CONFIG_LOCK_DOWN_KERNEL_FORCE is not set
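Review bot: The "is not set" value on the added line is only safe if CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is enabled, and that option is not among the files touched in this diff. Please confirm it is set to y for the same x86 configs and survived the rebase under the same name, since the commit message relies on it both to turn lockdown on for EFI Secure Boot users and, through lockdown, to enforce the kexec signature requirement that CONFIG_KEXEC_SIG_FORCE=n leaves to runtime.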
diff --git a/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_MANDATORY b/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_MANDATORY
deleted file mode 100644
index 75d9b3549..000000000
--- a/configs/fedora/generic/x86/CONFIG_LOCK_DOWN_MANDATORY
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_LOCK_DOWN_MANDATORY is not set