rpms / kernel

Clone
Source Code
GIT

4b5e423 Rebase the kernel lockdown patch set

Authored and Committed by Jeremy Cline 5 years ago
raw patch tree parent
11 files changed. 840 lines added. 627 lines removed.
configs/fedora/generic/x86/CONFIG_KEXEC_SIG
file added
+1
configs/fedora/generic/x86/CONFIG_KEXEC_SIG_FORCE
file added
+1
configs/fedora/generic/x86/CONFIG_KEXEC_VERIFY_SIG
file removed
-1
configs/fedora/generic/x86/CONFIG_LOCK_DOWN_KERNEL_FORCE
file added
+1
configs/fedora/generic/x86/CONFIG_LOCK_DOWN_MANDATORY
file removed
-1
efi-lockdown.patch
file modified
+797 -551
efi-secureboot.patch
file modified
+28 -66
kernel-i686-debug.config
file modified
+3 -2
kernel-i686.config
file modified
+3 -2
kernel-x86_64-debug.config
file modified
+3 -2
kernel-x86_64.config
file modified
+3 -2 
    Rebase the kernel lockdown patch set
    
    Use the latest version of the kernel lockdown patch set. This includes a
    few configuration renames:
    
    CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and
    CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the
    "kexec_file: Restrict at runtime if the kernel is locked down" patch
    enforces the signature requirement when the kernel is locked down.
    
    CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE
    and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for
    EFI Secure Boot users.
    
    Finally, the SysRq patches got dropped for the present.
file added
+1
file added
+1
file removed
-1
file added
+1
file removed
-1
file modified
+797 -551
file modified
+28 -66
file modified
+3 -2
file modified
+3 -2
file modified
+3 -2
file modified
+3 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.