diff options
-rw-r--r-- | efi-secureboot.patch | 2 | ||||
-rw-r--r-- | gitrev | 2 | ||||
-rw-r--r-- | kernel.spec | 6 | ||||
-rw-r--r-- | s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch | 4 | ||||
-rw-r--r-- | sources | 3 |
5 files changed, 10 insertions, 7 deletions
diff --git a/efi-secureboot.patch b/efi-secureboot.patch index 326c73a0f..90ac9feca 100644 --- a/efi-secureboot.patch +++ b/efi-secureboot.patch @@ -303,7 +303,7 @@ index 1797623b0c3a..fa8ac411bf6e 100644 + +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT + if (efi_enabled(EFI_SECURE_BOOT)) -+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_CONFIDENTIALITY_MAX); ++ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX); +#endif + dmi_setup(); @@ -1 +1 @@ -ac309e7744bee222df6de0122facaf2d9706fa70 +5ad0ec0b86525d0c5d3d250d3cfad7f183b00cfa diff --git a/kernel.spec b/kernel.spec index b0e1f4cec..7546fefa5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -115,7 +115,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 6 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 5.%{upstream_sublevel}.0 %endif @@ -3002,6 +3002,10 @@ fi # # %changelog +* Fri Mar 20 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc6.git2.1 +- Linux v5.6-rc6-115-g5ad0ec0b8652 +- Switch Secure Boot to lock down to integrity mode (rhbz 1815571) + * Wed Mar 18 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc6.git1.1 - Linux v5.6-rc6-9-gac309e7744be diff --git a/s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch b/s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch index 0779418b4..70e3f76a8 100644 --- a/s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch +++ b/s390-Lock-down-the-kernel-when-the-IPL-secure-flag-i.patch @@ -3,7 +3,7 @@ From: Jeremy Cline <jcline@redhat.com> Date: Wed, 30 Oct 2019 14:37:49 +0000 Subject: [PATCH] s390: Lock down the kernel when the IPL secure flag is set -Automatically lock down the kernel to LOCKDOWN_CONFIDENTIALITY_MAX if +Automatically lock down the kernel to LOCKDOWN_INTEGRITY_MAX if the IPL secure flag is set. Suggested-by: Philipp Rudo <prudo@redhat.com> @@ -56,7 +56,7 @@ index 9cbf490fd162..0510ecdfc3f6 100644 log_component_list(); + if (ipl_get_secureboot()) -+ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_CONFIDENTIALITY_MAX); ++ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); + /* Have one command line that is parsed and saved in /proc/cmdline */ /* boot_command_line has been already set up in early.c */ @@ -1,4 +1,3 @@ SHA512 (linux-5.5.tar.xz) = fa74fdabb5e63384a39e54da05b86a9ae9ea16179524b041fbbdffc7177e80b53600ae98d76be127ba216148f9dc55fe07ab20637e22c6d6030cb4aa09eb2f86 SHA512 (patch-5.6-rc6.xz) = cb4867da79eaf199e65414be258b1ebf231eff3c506b27d0196c835a05c40937ec02604a982359379ed9a6a7d066f00ca87553df5f57bccfd47db0ceada9ae7f -SHA512 (patch-5.6-rc6-git1.xz) = 0d0c1995e9da2ce8138b3e58a3a7e3d431cccbca869a6889fefeb8c3e8dfee32f6ed0235404a81eaadb9d37ed08e90a17da9c4c194ab6d87efe11240321ef7b6 - +SHA512 (patch-5.6-rc6-git2.xz) = bcf4b88390df78503b1ae4e3154d53e269ecdfc9fc6aeca2a9807a302409168b15988a3a4eafaa9ef94e1bba357dd6245eee9c53027e915a10522e58e7ab6698 |