summaryrefslogtreecommitdiffstats
path: root/sb-hibernate.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sb-hibernate.patch')
-rw-r--r--sb-hibernate.patch115
1 files changed, 0 insertions, 115 deletions
diff --git a/sb-hibernate.patch b/sb-hibernate.patch
deleted file mode 100644
index 4b1bd1673..000000000
--- a/sb-hibernate.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-Bugzilla: N/A
-Upstream-status: Fedora mustard
-
-From 9cdffb6980a2c573844b4b87f907da24d68fb916 Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Fri, 26 Oct 2012 14:02:09 -0400
-Subject: [PATCH] hibernate: Disable in a signed modules environment
-
-There is currently no way to verify the resume image when returning
-from hibernate. This might compromise the signed modules trust model,
-so until we can work with signed hibernate images we disable it in
-a secure modules environment.
-
-Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
----
- kernel/power/hibernate.c | 16 +++++++++++++++-
- kernel/power/main.c | 7 ++++++-
- kernel/power/user.c | 1 +
- 3 files changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index 49e0a20fd010..777eff68e8ef 100644
---- a/kernel/power/hibernate.c
-+++ b/kernel/power/hibernate.c
-@@ -29,6 +29,8 @@
- #include <linux/ctype.h>
- #include <linux/genhd.h>
- #include <trace/events/power.h>
-+#include <linux/module.h>
-+#include <linux/efi.h>
-
- #include "power.h"
-
-@@ -642,6 +644,10 @@ int hibernate(void)
- {
- int error;
-
-+ if (secure_modules()) {
-+ return -EPERM;
-+ }
-+
- lock_system_sleep();
- /* The snapshot device should not be opened while we're running */
- if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
-@@ -734,7 +740,7 @@ static int software_resume(void)
- /*
- * If the user said "noresume".. bail out early.
- */
-- if (noresume)
-+ if (noresume || secure_modules())
- return 0;
-
- /*
-@@ -900,6 +906,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
- int i;
- char *start = buf;
-
-+ if (efi_enabled(EFI_SECURE_BOOT)) {
-+ buf += sprintf(buf, "[%s]\n", "disabled");
-+ return buf-start;
-+ }
-+
- for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
- if (!hibernation_modes[i])
- continue;
-@@ -934,6 +945,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
- char *p;
- int mode = HIBERNATION_INVALID;
-
-+ if (secure_modules())
-+ return -EPERM;
-+
- p = memchr(buf, '\n', n);
- len = p ? p - buf : n;
-
-diff --git a/kernel/power/main.c b/kernel/power/main.c
-index 573410d6647e..f5201093adc4 100644
---- a/kernel/power/main.c
-+++ b/kernel/power/main.c
-@@ -15,6 +15,7 @@
- #include <linux/workqueue.h>
- #include <linux/debugfs.h>
- #include <linux/seq_file.h>
-+#include <linux/efi.h>
-
- #include "power.h"
-
-@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
-
- #endif
- #ifdef CONFIG_HIBERNATION
-- s += sprintf(s, "%s\n", "disk");
-+ if (!efi_enabled(EFI_SECURE_BOOT)) {
-+ s += sprintf(s, "%s\n", "disk");
-+ } else {
-+ s += sprintf(s, "\n");
-+ }
- #else
- if (s != buf)
- /* convert the last space to a newline */
-diff --git a/kernel/power/user.c b/kernel/power/user.c
-index efe99dee9510..5f5d1026f1e2 100644
---- a/kernel/power/user.c
-+++ b/kernel/power/user.c
-@@ -25,6 +25,7 @@
- #include <linux/cpu.h>
- #include <linux/freezer.h>
- #include <linux/module.h>
-+#include <linux/efi.h>
-
- #include <asm/uaccess.h>
-
---
-1.9.3
-