diff options
| author | Thorsten Leemhuis <fedora@leemhuis.info> | 2019-07-09 21:08:25 +0200 |
|---|---|---|
| committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2019-07-09 21:08:25 +0200 |
| commit | 959cd3ad26748801b73a3025b9c2835dc70e644c (patch) | |
| tree | f0207748ce26b75a2e277846574a98924acf7eac /efi-secureboot.patch | |
| parent | bb30288ad29d581b4c12c1daf39cd1b265bf254d (diff) | |
| parent | 5c2ab4e801af208f640dc06a07e6a55cca2c1d74 (diff) | |
| download | kernel-959cd3ad26748801b73a3025b9c2835dc70e644c.tar.gz kernel-959cd3ad26748801b73a3025b9c2835dc70e644c.tar.xz kernel-959cd3ad26748801b73a3025b9c2835dc70e644c.zip | |
merge origin, 5.2.0
Diffstat (limited to 'efi-secureboot.patch')
| -rw-r--r-- | efi-secureboot.patch | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/efi-secureboot.patch b/efi-secureboot.patch index f50169541..bb5b47b42 100644 --- a/efi-secureboot.patch +++ b/efi-secureboot.patch @@ -201,9 +201,9 @@ index adeee6329f55..27a54ec878bd 100644 + + init_lockdown(); + - dmi_scan_machine(); - dmi_memdev_walk(); - dmi_set_dump_stack_arch_desc(); + dmi_setup(); + + /* @@ -1159,8 +1164,6 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -231,8 +231,8 @@ index 9c343f262bdd..30788bc47863 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -244,6 +244,20 @@ config LOCK_DOWN_KERNEL_FORCE - help - Enable the kernel lock down functionality automatically at boot. + Allow the lockdown on a kernel to be lifted, by pressing a SysRq key + combination on a wired keyboard. On x86, this is SysRq+x. +config LOCK_DOWN_IN_EFI_SECURE_BOOT + bool "Lock down the kernel in EFI Secure Boot mode" @@ -260,8 +260,8 @@ index ee00ca2677e7..bb4dc7838f3e 100644 #include <linux/security.h> #include <linux/export.h> +#include <linux/efi.h> - - static __ro_after_init bool kernel_locked_down; + #include <linux/sysrq.h> + #include <asm/setup.h> @@ -44,6 +45,10 @@ void __init init_lockdown(void) #ifdef CONFIG_LOCK_DOWN_FORCE |