From 4b5e4234be6539e237a2eaf36decf1b4b41fdc22 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 15 Apr 2019 11:10:59 -0400 Subject: Rebase the kernel lockdown patch set Use the latest version of the kernel lockdown patch set. This includes a few configuration renames: CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the "kexec_file: Restrict at runtime if the kernel is locked down" patch enforces the signature requirement when the kernel is locked down. CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for EFI Secure Boot users. Finally, the SysRq patches got dropped for the present. --- configs/fedora/generic/x86/CONFIG_KEXEC_SIG | 1 + 1 file changed, 1 insertion(+) create mode 100644 configs/fedora/generic/x86/CONFIG_KEXEC_SIG (limited to 'configs/fedora/generic/x86/CONFIG_KEXEC_SIG') diff --git a/configs/fedora/generic/x86/CONFIG_KEXEC_SIG b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG new file mode 100644 index 000000000..67b688658 --- /dev/null +++ b/configs/fedora/generic/x86/CONFIG_KEXEC_SIG @@ -0,0 +1 @@ +CONFIG_KEXEC_SIG=y -- cgit