diff options
| author | Jeremy Cline <jcline@redhat.com> | 2020-03-20 17:56:53 -0400 |
|---|---|---|
| committer | Jeremy Cline <jcline@redhat.com> | 2020-03-20 17:56:53 -0400 |
| commit | aca1c25ebf2c3161429c0117c493b353ba3ac426 (patch) | |
| tree | 71fdb315d80494ffe41cd73a3dde9fb85cd4770c /efi-secureboot.patch | |
| parent | f6d71673bd8b5b170998ebc4c79f33a641f2c983 (diff) | |
| download | kernel-aca1c25ebf2c3161429c0117c493b353ba3ac426.tar.gz kernel-aca1c25ebf2c3161429c0117c493b353ba3ac426.tar.xz kernel-aca1c25ebf2c3161429c0117c493b353ba3ac426.zip | |
Switch Secure Boot to lock down in integrity mode (rhbz 1815571)
Diffstat (limited to 'efi-secureboot.patch')
| -rw-r--r-- | efi-secureboot.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/efi-secureboot.patch b/efi-secureboot.patch index 326c73a0f..90ac9feca 100644 --- a/efi-secureboot.patch +++ b/efi-secureboot.patch @@ -303,7 +303,7 @@ index 1797623b0c3a..fa8ac411bf6e 100644 + +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT + if (efi_enabled(EFI_SECURE_BOOT)) -+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_CONFIDENTIALITY_MAX); ++ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX); +#endif + dmi_setup(); |