diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-06-06 11:22:11 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-06-06 11:22:11 -0500 |
| commit | ead55fdbc7606e96fb1436249e4d121c5119218b (patch) | |
| tree | 100366728bb4ad070af861d75ae858c957e109c7 /efi-secureboot.patch | |
| parent | 95a82995c14190286f60346905a31946806120af (diff) | |
| download | kernel-ead55fdbc7606e96fb1436249e4d121c5119218b.tar.gz kernel-ead55fdbc7606e96fb1436249e4d121c5119218b.tar.xz kernel-ead55fdbc7606e96fb1436249e4d121c5119218b.zip | |
Linux v5.2-rc3-37-g156c05917e09
Diffstat (limited to 'efi-secureboot.patch')
| -rw-r--r-- | efi-secureboot.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/efi-secureboot.patch b/efi-secureboot.patch index f115141df..bb5b47b42 100644 --- a/efi-secureboot.patch +++ b/efi-secureboot.patch @@ -231,8 +231,8 @@ index 9c343f262bdd..30788bc47863 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -244,6 +244,20 @@ config LOCK_DOWN_KERNEL_FORCE - help - Enable the kernel lock down functionality automatically at boot. + Allow the lockdown on a kernel to be lifted, by pressing a SysRq key + combination on a wired keyboard. On x86, this is SysRq+x. +config LOCK_DOWN_IN_EFI_SECURE_BOOT + bool "Lock down the kernel in EFI Secure Boot mode" @@ -260,8 +260,8 @@ index ee00ca2677e7..bb4dc7838f3e 100644 #include <linux/security.h> #include <linux/export.h> +#include <linux/efi.h> - - static __ro_after_init bool kernel_locked_down; + #include <linux/sysrq.h> + #include <asm/setup.h> @@ -44,6 +45,10 @@ void __init init_lockdown(void) #ifdef CONFIG_LOCK_DOWN_FORCE |