From 5bf5e37a7486ccdfd14568b43d80c148729a5483 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes"
Date: Fri, 6 Apr 2018 12:00:21 -0500
Subject: Linux v4.16-9576-g38c23685b273
---
 efi-lockdown.patch | 45 ---------------------------------------------
 1 file changed, 45 deletions(-)
(limited to 'efi-lockdown.patch')
diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index a567084d7..4f9814181 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1522,51 +1522,6 @@ index b38737c83a24..6d71e1e97b20 100644
 -- 
 2.14.3
 
-From 5b76b160badb6e53f68a65f0374df700894559bb Mon Sep 17 00:00:00 2001
-From: David Howells
-Date: Tue, 27 Feb 2018 10:04:53 +0000
-Subject: [PATCH 19/31] scsi: Lock down the eata driver
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-The eata driver takes a single string parameter that contains a slew of
-settings, including hardware resource configuration. Prohibit use of the
-parameter if the kernel is locked down.
-
-Suggested-by: Alan Cox
-Signed-off-by: David Howells
-cc: Dario Ballabio
-cc: "James E.J. Bottomley"
-cc: "Martin K. Petersen"
-cc: linux-scsi@vger.kernel.org
----
- drivers/scsi/eata.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
-index 6501c330d8c8..72fceaa8f3da 100644
---- a/drivers/scsi/eata.c
-+++ b/drivers/scsi/eata.c
-@@ -1552,8 +1552,11 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
- 
- tpnt->proc_name = "eata2x";
- 
-- if (strlen(boot_options))
-+ if (strlen(boot_options)) {
-+ if (kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
-+ return -EPERM;
- option_setup(boot_options);
-+ }
- 
- #if defined(MODULE)
- /* io_port could have been modified when loading as a module */
---
-2.14.3
-
 From ebdc673699d9732a1cccfc2f80e84402aa7ec0c9 Mon Sep 17 00:00:00 2001
 From: David Howells
 Date: Tue, 27 Feb 2018 10:04:54 +0000
-- cgit