diff options
| author | Jeremy Cline <jcline@redhat.com> | 2020-03-20 17:56:53 -0400 |
|---|---|---|
| committer | Jeremy Cline <jcline@redhat.com> | 2020-03-23 14:19:30 -0400 |
| commit | e2478b02d5f24647141c9e859b28d20cce8ef675 (patch) | |
| tree | 1927bfd8abd605b2129d8f58e70162e106eb7010 /efi-secureboot.patch | |
| parent | 7913c4b445b93187f96c95e560ba3e7d859af8f4 (diff) | |
| download | kernel-e2478b02d5f24647141c9e859b28d20cce8ef675.tar.gz kernel-e2478b02d5f24647141c9e859b28d20cce8ef675.tar.xz kernel-e2478b02d5f24647141c9e859b28d20cce8ef675.zip | |
Switch Secure Boot to lock down in integrity mode (rhbz 1815571)
Diffstat (limited to 'efi-secureboot.patch')
| -rw-r--r-- | efi-secureboot.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/efi-secureboot.patch b/efi-secureboot.patch index 326c73a0f..90ac9feca 100644 --- a/efi-secureboot.patch +++ b/efi-secureboot.patch @@ -303,7 +303,7 @@ index 1797623b0c3a..fa8ac411bf6e 100644 + +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT + if (efi_enabled(EFI_SECURE_BOOT)) -+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_CONFIDENTIALITY_MAX); ++ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX); +#endif + dmi_setup(); |