Linux v5.3-13236-g97f9a3c4eee5

This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
This commit is contained in:
Jeremy Cline 2019-09-30 20:00:17 +00:00
parent b82da9d02c
commit e21e52b608
35 changed files with 291 additions and 2231 deletions

View File

@ -39,9 +39,9 @@ index 557a47829d0..e8f9c7d84e9 100644
--- a/drivers/firmware/efi/efi.c --- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c
@@ -31,6 +31,7 @@ @@ -31,6 +31,7 @@
#include <linux/acpi.h>
#include <linux/ucs2_string.h> #include <linux/ucs2_string.h>
#include <linux/memblock.h> #include <linux/memblock.h>
#include <linux/security.h>
+#include <linux/bsearch.h> +#include <linux/bsearch.h>
#include <asm/early_ioremap.h> #include <asm/early_ioremap.h>

View File

@ -13,34 +13,24 @@ As such, kernel modules signed with keys from the MokList variable
were not successfully verified. were not successfully verified.
Signed-off-by: Robert Holmes <robeholmes@gmail.com> Signed-off-by: Robert Holmes <robeholmes@gmail.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
--- ---
kernel/module_signing.c | 16 ++++++++++++---- kernel/module_signing.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-) 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/kernel/module_signing.c b/kernel/module_signing.c diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 6b9a926fd86b..cf94220e9154 100644 index 9d9fc678c91d..84ad75a53c83 100644
--- a/kernel/module_signing.c --- a/kernel/module_signing.c
+++ b/kernel/module_signing.c +++ b/kernel/module_signing.c
@@ -49,6 +49,7 @@ int mod_verify_sig(const void *mod, struct load_info *info) @@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
{ modlen -= sig_len + sizeof(ms);
struct module_signature ms; info->len = modlen;
size_t sig_len, modlen = info->len;
+ int ret;
pr_devel("==>%s(,%zu)\n", __func__, modlen);
@@ -82,8 +83,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
return -EBADMSG;
}
- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, - return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
- VERIFY_USE_SECONDARY_KEYRING,
- VERIFYING_MODULE_SIGNATURE,
- NULL, NULL);
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+ VERIFY_USE_SECONDARY_KEYRING, VERIFY_USE_SECONDARY_KEYRING,
+ VERIFYING_MODULE_SIGNATURE, VERIFYING_MODULE_SIGNATURE,
+ NULL, NULL); NULL, NULL);
+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { + if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+ VERIFY_USE_PLATFORM_KEYRING, + VERIFY_USE_PLATFORM_KEYRING,
@ -51,4 +41,3 @@ index 6b9a926fd86b..cf94220e9154 100644
} }
-- --
2.21.0 2.21.0

View File

@ -1,128 +0,0 @@
From patchwork Thu Sep 5 19:24:12 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lee Jones <lee.jones@linaro.org>
X-Patchwork-Id: 11133827
Return-Path: <SRS0=OmJI=XA=vger.kernel.org=linux-arm-msm-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DDFD514ED
for <patchwork-linux-arm-msm@patchwork.kernel.org>;
Thu, 5 Sep 2019 19:24:19 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id D540020870
for <patchwork-linux-arm-msm@patchwork.kernel.org>;
Thu, 5 Sep 2019 19:24:19 +0000 (UTC)
Authentication-Results: mail.kernel.org;
dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org
header.b="j/6kUy9p"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1727540AbfIETYS (ORCPT
<rfc822;patchwork-linux-arm-msm@patchwork.kernel.org>);
Thu, 5 Sep 2019 15:24:18 -0400
Received: from mail-wr1-f49.google.com ([209.85.221.49]:36821 "EHLO
mail-wr1-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1726008AbfIETYS (ORCPT
<rfc822;linux-arm-msm@vger.kernel.org>);
Thu, 5 Sep 2019 15:24:18 -0400
Received: by mail-wr1-f49.google.com with SMTP id y19so4081592wrd.3
for <linux-arm-msm@vger.kernel.org>;
Thu, 05 Sep 2019 12:24:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google;
h=from:to:cc:subject:date:message-id;
bh=19vbMBbLeKgWt8VsEseKuJu+9+rmeS/Lh0ZhXOFWQYc=;
b=j/6kUy9psCaV+YLvz8j0kAZ3/WrmOU3xyh5rDOj0TwK0TnwjLtaLil9Q+C9KpFvvVG
h4R8p4cZFB0U4b/PAfc9Xt4p4xJNkAIpTzL4QRjM+nkXdDcYyiwUGkr9BRJnJmO0lyZB
zmylqwjRd1oOrTQ1tPvwqUV3OUR5u6WA+rDyhn+A516vskkns0bEICMG787HdDEwjigd
+3SR4L9u7swSDpNhqxtfPsn9UFP36sehUfgx32xUcjUhX3ls4RtX+6HCZU+rkeQuILt5
0qlmqliIuKXWkQe+ii/gtrK+ulFQ7lEl76YfDJyqXVo4Z357rIhVFAz+mooVn5qpscmU
E+xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id;
bh=19vbMBbLeKgWt8VsEseKuJu+9+rmeS/Lh0ZhXOFWQYc=;
b=QjFuCunKeBkoabY9fIsWTo3krapsS69k52eNtOIeLBaCd7M1lvCmItn41DcbJ5ykqT
RQ0rnlNq35x9QvKNumPai3fMZp9AWt3KpJpxbpEokltyLbkGUqRWaeYTrOtuV9P9nRmT
Yj72UBVzYj4d/G+FGq8EBesWjRyEFC51+RekvPlbRZ/h1fVW7/XAy5cO1ywnHrtNe8pQ
7gYQJ3Xh1Y09qkiO0i8iru5PSMTK3U+vPSLWVdFOeqMh+Beins6I9mbKf+UX+xa8ECK3
mEFjYxY57YVx+SpaKrmBwEmu9YXLgXqEif1OH1FHFiKZVQ4ABPp19D4+5JOXEV1tCwUS
B6Qw==
X-Gm-Message-State: APjAAAUM7yEkrkGZ+mbleFtCMQGsXfLQSXt2Bd+K6leuP2oAs8Vj1j9k
4bsoJvF042q/z9+6bnLlGShjoA==
X-Google-Smtp-Source:
APXvYqyThx0kWliMdrjc7dedZ/+AhabFi7TIc04exnxhWAEkAOh7foRP8Cz8ZjjhxGJCvUyUPA4lFg==
X-Received: by 2002:adf:ea0c:: with SMTP id q12mr4172788wrm.172.1567711455933;
Thu, 05 Sep 2019 12:24:15 -0700 (PDT)
Received: from localhost.localdomain ([95.147.198.36])
by smtp.gmail.com with ESMTPSA id
q24sm7942378wmc.3.2019.09.05.12.24.14
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 05 Sep 2019 12:24:14 -0700 (PDT)
From: Lee Jones <lee.jones@linaro.org>
To: alokc@codeaurora.org, agross@kernel.org, robh+dt@kernel.org,
mark.rutland@arm.com, bjorn.andersson@linaro.org, vkoul@kernel.org,
wsa@the-dreams.de
Cc: linux-i2c@vger.kernel.org, linux-arm-msm@vger.kernel.org,
devicetree@vger.kernel.org, Lee Jones <lee.jones@linaro.org>
Subject: [RESEND v3 1/1] i2c: qcom-geni: Disable DMA processing on the Lenovo
Yoga C630
Date: Thu, 5 Sep 2019 20:24:12 +0100
Message-Id: <20190905192412.23116-1-lee.jones@linaro.org>
X-Mailer: git-send-email 2.17.1
Sender: linux-arm-msm-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-arm-msm.vger.kernel.org>
X-Mailing-List: linux-arm-msm@vger.kernel.org
We have a production-level laptop (Lenovo Yoga C630) which is exhibiting
a rather horrific bug. When I2C HID devices are being scanned for at
boot-time the QCom Geni based I2C (Serial Engine) attempts to use DMA.
When it does, the laptop reboots and the user never sees the OS.
Attempts are being made to debug the reason for the spontaneous reboot.
No luck so far, hence the requirement for this hot-fix. This workaround
will be removed once we have a viable fix.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
---
drivers/i2c/busses/i2c-qcom-geni.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c
index a89bfce5388e..17abf60c94ae 100644
--- a/drivers/i2c/busses/i2c-qcom-geni.c
+++ b/drivers/i2c/busses/i2c-qcom-geni.c
@@ -355,11 +355,13 @@ static int geni_i2c_rx_one_msg(struct geni_i2c_dev *gi2c, struct i2c_msg *msg,
{
dma_addr_t rx_dma;
unsigned long time_left;
- void *dma_buf;
+ void *dma_buf = NULL;
struct geni_se *se = &gi2c->se;
size_t len = msg->len;
- dma_buf = i2c_get_dma_safe_msg_buf(msg, 32);
+ if (!of_machine_is_compatible("lenovo,yoga-c630"))
+ dma_buf = i2c_get_dma_safe_msg_buf(msg, 32);
+
if (dma_buf)
geni_se_select_mode(se, GENI_SE_DMA);
else
@@ -394,11 +396,13 @@ static int geni_i2c_tx_one_msg(struct geni_i2c_dev *gi2c, struct i2c_msg *msg,
{
dma_addr_t tx_dma;
unsigned long time_left;
- void *dma_buf;
+ void *dma_buf = NULL;
struct geni_se *se = &gi2c->se;
size_t len = msg->len;
- dma_buf = i2c_get_dma_safe_msg_buf(msg, 32);
+ if (!of_machine_is_compatible("lenovo,yoga-c630"))
+ dma_buf = i2c_get_dma_safe_msg_buf(msg, 32);
+
if (dma_buf)
geni_se_select_mode(se, GENI_SE_DMA);
else

View File

@ -0,0 +1 @@
# CONFIG_IMA_APPRAISE_MODSIG is not set

View File

@ -0,0 +1 @@
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set

View File

@ -0,0 +1 @@
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set

View File

@ -0,0 +1 @@
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y

View File

@ -1 +1 @@
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y

View File

@ -0,0 +1 @@
CONFIG_SECURITY_LOCKDOWN_LSM=y

View File

@ -0,0 +1 @@
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y

View File

@ -0,0 +1 @@
CONFIG_VIRTIO_FS=m

View File

@ -0,0 +1 @@
# CONFIG_IMX7ULP_WDT is not set

View File

@ -0,0 +1 @@
CONFIG_KEXEC_SIG=y

View File

@ -0,0 +1 @@
CONFIG_KEXEC_SIG=y

View File

@ -1 +0,0 @@
CONFIG_OPTIMIZE_INLINING=y

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,109 @@
From 478a0cff698409224330ea9e25eb332220b55dbb Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Mon, 30 Sep 2019 21:22:47 +0000
Subject: [PATCH 1/3] security: lockdown: expose a hook to lock the kernel down
In order to automatically lock down kernels running on UEFI machines
booted in Secure Boot mode, expose the lock_kernel_down() hook.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
include/linux/lsm_hooks.h | 8 ++++++++
include/linux/security.h | 5 +++++
security/lockdown/lockdown.c | 1 +
security/security.c | 6 ++++++
4 files changed, 20 insertions(+)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index a3763247547c..8d76d1f153ed 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1454,6 +1454,12 @@
* code execution in kernel space should be permitted.
*
* @what: kernel feature being accessed
+ *
+ * @lock_kernel_down
+ * Put the kernel into lock-down mode.
+ *
+ * @where: Where the lock-down is originating from (e.g. command line option)
+ * @level: The lock-down level (can only increase)
*/
union security_list_options {
int (*binder_set_context_mgr)(struct task_struct *mgr);
@@ -1818,6 +1824,7 @@ union security_list_options {
void (*bpf_prog_free_security)(struct bpf_prog_aux *aux);
#endif /* CONFIG_BPF_SYSCALL */
int (*locked_down)(enum lockdown_reason what);
+ int (*lock_kernel_down)(const char *where, enum lockdown_reason level);
};
struct security_hook_heads {
@@ -2060,6 +2067,7 @@ struct security_hook_heads {
struct hlist_head bpf_prog_free_security;
#endif /* CONFIG_BPF_SYSCALL */
struct hlist_head locked_down;
+ struct hlist_head lock_kernel_down;
} __randomize_layout;
/*
diff --git a/include/linux/security.h b/include/linux/security.h
index a8d59d612d27..467b9ccdf993 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -442,6 +442,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
int security_locked_down(enum lockdown_reason what);
+int security_lock_kernel_down(const char *where, enum lockdown_reason level);
#else /* CONFIG_SECURITY */
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1269,6 +1270,10 @@ static inline int security_locked_down(enum lockdown_reason what)
{
return 0;
}
+static inline int security_lock_kernel_down(const char *where, enum lockdown_reason level);
+{
+ return 0;
+}
#endif /* CONFIG_SECURITY */
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8a10b43daf74..72a623075749 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -97,6 +97,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
+ LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down),
};
static int __init lockdown_lsm_init(void)
diff --git a/security/security.c b/security/security.c
index 1bc000f834e2..1506b95427cf 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2404,3 +2404,9 @@ int security_locked_down(enum lockdown_reason what)
return call_int_hook(locked_down, 0, what);
}
EXPORT_SYMBOL(security_locked_down);
+
+int security_lock_kernel_down(const char *where, enum lockdown_reason level)
+{
+ return call_int_hook(lock_kernel_down, 0, where, level);
+}
+EXPORT_SYMBOL(security_lock_kernel_down);
--
2.21.0
From b5123d0553f4ed5e734f6457696cdd30228d1eee Mon Sep 17 00:00:00 2001 From b5123d0553f4ed5e734f6457696cdd30228d1eee Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com> From: David Howells <dhowells@redhat.com>
Date: Tue, 27 Feb 2018 10:04:55 +0000 Date: Tue, 27 Feb 2018 10:04:55 +0000
Subject: [PATCH 29/31] efi: Add an EFI_SECURE_BOOT flag to indicate secure Subject: [PATCH 2/3] efi: Add an EFI_SECURE_BOOT flag to indicate secure
boot mode boot mode
UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
@ -160,119 +262,73 @@ index 21d81021c1f4..758ec061d03b 100644
2.21.0 2.21.0
From d78bf678059f83e22bec8ada1a448e22b9b90203 Mon Sep 17 00:00:00 2001 From 15368f76d4997912318d35c52bfeb9041d85098e Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com> From: David Howells <dhowells@redhat.com>
Date: Tue, 27 Feb 2018 10:04:55 +0000 Date: Mon, 30 Sep 2019 21:28:16 +0000
Subject: [PATCH 30/31] efi: Lock down the kernel if booted in secure boot mode Subject: [PATCH 3/3] efi: Lock down the kernel if booted in secure boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will UEFI Secure Boot provides a mechanism for ensuring that the firmware
only load signed bootloaders and kernels. Certain use cases may also will only load signed bootloaders and kernels. Certain use cases may
require that all kernel modules also be signed. Add a configuration option also require that all kernel modules also be signed. Add a
that to lock down the kernel - which includes requiring validly signed configuration option that to lock down the kernel - which includes
modules - if the kernel is secure-booted. requiring validly signed modules - if the kernel is secure-booted.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jeremy Cline <jcline@redhat.com>
cc: linux-efi@vger.kernel.org
--- ---
arch/x86/kernel/setup.c | 6 ++++-- arch/x86/kernel/setup.c | 8 ++++++++
fs/debugfs/inode.c | 2 +- security/lockdown/Kconfig | 13 +++++++++++++
security/Kconfig | 14 ++++++++++++++ 2 files changed, 21 insertions(+)
security/lock_down.c | 5 +++++
4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index adeee6329f55..27a54ec878bd 100644 index 77ea96b794bd..a119e1bc9623 100644
--- a/arch/x86/kernel/setup.c --- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c
@@ -65,6 +65,7 @@ @@ -73,6 +73,7 @@
#include <linux/dma-mapping.h> #include <linux/jiffies.h>
#include <linux/ctype.h> #include <linux/mem_encrypt.h>
#include <linux/uaccess.h> #include <linux/sizes.h>
+#include <linux/security.h> +#include <linux/security.h>
#include <linux/percpu.h> #include <linux/usb/xhci-dbgp.h>
#include <linux/crash_dump.h> #include <video/edid.h>
@@ -1005,6 +1006,10 @@ void __init setup_arch(char **cmdline_p) @@ -1027,6 +1028,13 @@ void __init setup_arch(char **cmdline_p)
if (efi_enabled(EFI_BOOT)) if (efi_enabled(EFI_BOOT))
efi_init(); efi_init();
+ efi_set_secure_boot(boot_params.secure_boot); + efi_set_secure_boot(boot_params.secure_boot);
+ +
+ init_lockdown(); +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
+ if (efi_enabled(EFI_SECURE_BOOT))
+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_CONFIDENTIALITY_MAX);
+#endif
+ +
dmi_setup(); dmi_setup();
/* /*
@@ -1159,8 +1164,6 @@ void __init setup_arch(char **cmdline_p) diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
/* Allocate bigger log buffer */ index e84ddf484010..d0501353a4b9 100644
setup_log_buf(1); --- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig
- efi_set_secure_boot(boot_params.secure_boot); @@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY
- subsystem is fully initialised. If enabled, lockdown will
reserve_initrd(); unconditionally be called before any other LSMs.
acpi_table_upgrade();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index ce261e1765ff..7aff55b309a6 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -40,7 +40,7 @@ static bool debugfs_registered;
static int debugfs_setattr(struct dentry *dentry, struct iattr *ia)
{
if ((ia->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)) &&
- kernel_is_locked_down("debugfs"))
+ kernel_is_locked_down("changing perms in debugfs"))
return -EPERM;
return simple_setattr(dentry, ia);
}
diff --git a/security/Kconfig b/security/Kconfig
index 9c343f262bdd..30788bc47863 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -244,6 +244,20 @@ config LOCK_DOWN_KERNEL_FORCE
Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
combination on a wired keyboard. On x86, this is SysRq+x.
+config LOCK_DOWN_IN_EFI_SECURE_BOOT +config LOCK_DOWN_IN_EFI_SECURE_BOOT
+ bool "Lock down the kernel in EFI Secure Boot mode" + bool "Lock down the kernel in EFI Secure Boot mode"
+ default n + default n
+ select LOCK_DOWN_KERNEL + depends on EFI && SECURITY_LOCKDOWN_LSM_EARLY
+ depends on EFI
+ help + help
+ UEFI Secure Boot provides a mechanism for ensuring that the firmware + UEFI Secure Boot provides a mechanism for ensuring that the firmware
+ will only load signed bootloaders and kernels. Secure boot mode may + will only load signed bootloaders and kernels. Secure boot mode may
+ be determined from EFI variables provided by the system firmware if + be determined from EFI variables provided by the system firmware if
+ not indicated by the boot parameters. + not indicated by the boot parameters.
+ +
+ Enabling this option turns on results in kernel lockdown being + Enabling this option results in kernel lockdown being triggered if
+ triggered if EFI Secure Boot is set. + EFI Secure Boot is set.
+ +
source "security/selinux/Kconfig" choice
source "security/smack/Kconfig" prompt "Kernel default lockdown mode"
source "security/tomoyo/Kconfig" default LOCK_DOWN_KERNEL_FORCE_NONE
diff --git a/security/lock_down.c b/security/lock_down.c
index ee00ca2677e7..bb4dc7838f3e 100644
--- a/security/lock_down.c
+++ b/security/lock_down.c
@@ -12,6 +12,7 @@
#include <linux/security.h>
#include <linux/export.h>
+#include <linux/efi.h>
#include <linux/sysrq.h>
#include <asm/setup.h>
@@ -44,6 +45,10 @@ void __init init_lockdown(void)
#ifdef CONFIG_LOCK_DOWN_FORCE
lock_kernel_down("Kernel configuration");
#endif
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
+ if (efi_enabled(EFI_SECURE_BOOT))
+ lock_kernel_down("EFI secure boot");
+#endif
}
/**
-- --
2.14.3 2.21.0

2
gitrev
View File

@ -1 +1 @@
f41def397161053eb0d3ed6861ef65985efbf293 97f9a3c4eee55b0178b518ae7114a6a53372913d

View File

@ -1,87 +0,0 @@
From patchwork Tue Sep 24 10:30:57 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luca Coelho <luca@coelho.fi>
X-Patchwork-Id: 11158395
X-Patchwork-Delegate: kvalo@adurom.com
Return-Path: <SRS0=l3ON=XT=vger.kernel.org=linux-wireless-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 62FF3112B
for <patchwork-linux-wireless@patchwork.kernel.org>;
Tue, 24 Sep 2019 10:31:06 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 4AA4E214D9
for <patchwork-linux-wireless@patchwork.kernel.org>;
Tue, 24 Sep 2019 10:31:06 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2409468AbfIXKbF (ORCPT
<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
Tue, 24 Sep 2019 06:31:05 -0400
Received: from paleale.coelho.fi ([176.9.41.70]:44742 "EHLO
farmhouse.coelho.fi" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
with ESMTP id S2387644AbfIXKbF (ORCPT
<rfc822;linux-wireless@vger.kernel.org>);
Tue, 24 Sep 2019 06:31:05 -0400
Received: from [91.156.6.193] (helo=redipa.ger.corp.intel.com)
by farmhouse.coelho.fi with esmtpsa
(TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.92)
(envelope-from <luca@coelho.fi>)
id 1iCi63-0005Je-8E; Tue, 24 Sep 2019 13:31:03 +0300
From: Luca Coelho <luca@coelho.fi>
To: kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org
Date: Tue, 24 Sep 2019 13:30:57 +0300
Message-Id: <20190924103057.17147-1-luca@coelho.fi>
X-Mailer: git-send-email 2.23.0
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on farmhouse.coelho.fi
X-Spam-Level:
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,
URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2
Subject: [PATCH v5.4] iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW
version 36
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
From: Luca Coelho <luciano.coelho@intel.com>
The intention was to have the GEO_TX_POWER_LIMIT command in FW version
36 as well, but not all 8000 family got this feature enabled. The
8000 family is the only one using version 36, so skip this version
entirely. If we try to send this command to the firmwares that do not
support it, we get a BAD_COMMAND response from the firmware.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=204151.
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
index 014eca6596e2..32a5e4e5461f 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -889,11 +889,13 @@ static bool iwl_mvm_sar_geo_support(struct iwl_mvm *mvm)
* firmware versions. Unfortunately, we don't have a TLV API
* flag to rely on, so rely on the major version which is in
* the first byte of ucode_ver. This was implemented
- * initially on version 38 and then backported to 36, 29 and
- * 17.
+ * initially on version 38 and then backported to29 and 17.
+ * The intention was to have it in 36 as well, but not all
+ * 8000 family got this feature enabled. The 8000 family is
+ * the only one using version 36, so skip this version
+ * entirely.
*/
return IWL_UCODE_SERIAL(mvm->fw->ucode_ver) >= 38 ||
- IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 36 ||
IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 29 ||
IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 17;
}

View File

@ -2456,6 +2456,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2477,6 +2478,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -2928,6 +2930,7 @@ CONFIG_KERNEL_MODE_NEON=y
# CONFIG_KERNEL_UNCOMPRESSED is not set # CONFIG_KERNEL_UNCOMPRESSED is not set
# CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_XZ is not set
# CONFIG_KEXEC_FILE is not set # CONFIG_KEXEC_FILE is not set
CONFIG_KEXEC_SIG=y
CONFIG_KEXEC=y CONFIG_KEXEC=y
CONFIG_KEYBOARD_ADC=m CONFIG_KEYBOARD_ADC=m
# CONFIG_KEYBOARD_ADP5588 is not set # CONFIG_KEYBOARD_ADP5588 is not set
@ -3122,6 +3125,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -4310,7 +4316,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5374,6 +5380,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7154,6 +7162,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2440,6 +2440,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2461,6 +2462,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -2910,6 +2912,7 @@ CONFIG_KERNEL_MODE_NEON=y
# CONFIG_KERNEL_UNCOMPRESSED is not set # CONFIG_KERNEL_UNCOMPRESSED is not set
# CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_XZ is not set
# CONFIG_KEXEC_FILE is not set # CONFIG_KEXEC_FILE is not set
CONFIG_KEXEC_SIG=y
CONFIG_KEXEC=y CONFIG_KEXEC=y
CONFIG_KEYBOARD_ADC=m CONFIG_KEYBOARD_ADC=m
# CONFIG_KEYBOARD_ADP5588 is not set # CONFIG_KEYBOARD_ADP5588 is not set
@ -3104,6 +3107,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -4290,7 +4296,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5353,6 +5359,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7132,6 +7140,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2482,6 +2482,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2503,6 +2504,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -3162,6 +3164,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -4419,7 +4424,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5512,6 +5517,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
# CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_INFINIBAND is not set
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7466,6 +7473,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2399,6 +2399,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2420,6 +2421,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -3061,6 +3063,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -4255,7 +4260,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5265,6 +5270,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
# CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_INFINIBAND is not set
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7092,6 +7099,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2384,6 +2384,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2405,6 +2406,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -3044,6 +3046,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -4236,7 +4241,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5245,6 +5250,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
# CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_INFINIBAND is not set
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7071,6 +7078,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2467,6 +2467,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2488,6 +2489,7 @@ CONFIG_IMA=y
# CONFIG_IMG_ASCII_LCD is not set # CONFIG_IMG_ASCII_LCD is not set
CONFIG_IMX2_WDT=m CONFIG_IMX2_WDT=m
CONFIG_IMX7D_ADC=m CONFIG_IMX7D_ADC=m
# CONFIG_IMX7ULP_WDT is not set
# CONFIG_IMX_DMA is not set # CONFIG_IMX_DMA is not set
# CONFIG_IMX_DSP is not set # CONFIG_IMX_DSP is not set
CONFIG_IMX_GPCV2_PM_DOMAINS=y CONFIG_IMX_GPCV2_PM_DOMAINS=y
@ -3145,6 +3147,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -4400,7 +4405,7 @@ CONFIG_OPENVSWITCH_VXLAN=m
CONFIG_OPT3001=m CONFIG_OPT3001=m
CONFIG_OPTEE=m CONFIG_OPTEE=m
CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -5492,6 +5497,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
# CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_INFINIBAND is not set
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -7445,6 +7452,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2198,6 +2198,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2878,7 +2879,10 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCK_DOWN_KERNEL=y CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -3996,7 +4000,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4866,6 +4870,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6494,6 +6500,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2181,6 +2181,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2859,7 +2860,10 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCK_DOWN_KERNEL=y CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -3977,7 +3981,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4846,6 +4850,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6473,6 +6479,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -1999,6 +1999,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2624,6 +2625,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -3708,7 +3712,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4555,6 +4559,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6087,6 +6093,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -1982,6 +1982,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2605,6 +2606,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -3687,7 +3691,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4533,6 +4537,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6064,6 +6070,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -1979,6 +1979,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2416,6 +2417,7 @@ CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_UNCOMPRESSED is not set # CONFIG_KERNEL_UNCOMPRESSED is not set
# CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_XZ is not set
CONFIG_KEXEC_FILE=y CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_SIG=y
# CONFIG_KEXEC_VERIFY_SIG is not set # CONFIG_KEXEC_VERIFY_SIG is not set
CONFIG_KEXEC=y CONFIG_KEXEC=y
# CONFIG_KEYBOARD_ADC is not set # CONFIG_KEYBOARD_ADC is not set
@ -2600,6 +2602,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -3675,7 +3680,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4501,6 +4506,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6026,6 +6033,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=y CONFIG_VIRTIO_CONSOLE=y
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -1962,6 +1962,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2397,6 +2398,7 @@ CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_UNCOMPRESSED is not set # CONFIG_KERNEL_UNCOMPRESSED is not set
# CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_XZ is not set
CONFIG_KEXEC_FILE=y CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_SIG=y
# CONFIG_KEXEC_VERIFY_SIG is not set # CONFIG_KEXEC_VERIFY_SIG is not set
CONFIG_KEXEC=y CONFIG_KEXEC=y
# CONFIG_KEYBOARD_ADC is not set # CONFIG_KEYBOARD_ADC is not set
@ -2581,6 +2583,9 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
# CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set # CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
# CONFIG_LOCK_DOWN_KERNEL is not set # CONFIG_LOCK_DOWN_KERNEL is not set
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -3654,7 +3659,7 @@ CONFIG_OPENVSWITCH=m
CONFIG_OPENVSWITCH_VXLAN=m CONFIG_OPENVSWITCH_VXLAN=m
# CONFIG_OPROFILE is not set # CONFIG_OPROFILE is not set
CONFIG_OPT3001=m CONFIG_OPT3001=m
# CONFIG_OPTIMIZE_INLINING is not set CONFIG_OPTIMIZE_INLINING=y
CONFIG_OPTPROBES=y CONFIG_OPTPROBES=y
CONFIG_ORANGEFS_FS=m CONFIG_ORANGEFS_FS=m
CONFIG_ORINOCO_USB=m CONFIG_ORINOCO_USB=m
@ -4479,6 +4484,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6003,6 +6010,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=y CONFIG_VIRTIO_CONSOLE=y
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2237,6 +2237,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2929,7 +2930,10 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCK_DOWN_KERNEL=y CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
CONFIG_LOCK_EVENT_COUNTS=y CONFIG_LOCK_EVENT_COUNTS=y
@ -4907,6 +4911,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6546,6 +6552,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -2220,6 +2220,7 @@ CONFIG_IIO_TRIGGER=y
CONFIG_IKHEADERS=m CONFIG_IKHEADERS=m
CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_APPRAISE_BOOTPARAM=y
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set # CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
# CONFIG_IMA_APPRAISE_MODSIG is not set
CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set # CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set # CONFIG_IMA_BLACKLIST_KEYRING is not set
@ -2910,7 +2911,10 @@ CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_LOCKD=m CONFIG_LOCKD=m
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
# CONFIG_LOCK_DOWN_KERNEL_FORCE is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
CONFIG_LOCK_DOWN_KERNEL=y CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCKD_V4=y CONFIG_LOCKD_V4=y
# CONFIG_LOCK_EVENT_COUNTS is not set # CONFIG_LOCK_EVENT_COUNTS is not set
@ -4887,6 +4891,8 @@ CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_INFINIBAND=y
# CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_PATH is not set # CONFIG_SECURITY_PATH is not set
@ -6525,6 +6531,7 @@ CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=m CONFIG_VIRTIO_BLK=m
# CONFIG_VIRTIO_BLK_SCSI is not set # CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_CONSOLE=m CONFIG_VIRTIO_CONSOLE=m
CONFIG_VIRTIO_FS=m
CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_INPUT=m
# CONFIG_VIRTIO_IOMMU is not set # CONFIG_VIRTIO_IOMMU is not set
CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_MENU=y

View File

@ -71,7 +71,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%global rcrev 0 %global rcrev 0
# The git snapshot level # The git snapshot level
%define gitrev 8 %define gitrev 9
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 5.%{upstream_sublevel}.0 %define rpmversion 5.%{upstream_sublevel}.0
%endif %endif
@ -499,7 +499,7 @@ Patch122: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
# 200 - x86 / secureboot # 200 - x86 / secureboot
Patch201: efi-lockdown.patch # Patch201: efi-lockdown.patch
# bz 1497559 - Make kernel MODSIGN code not error on missing variables # bz 1497559 - Make kernel MODSIGN code not error on missing variables
Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch Patch207: 0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch
@ -534,10 +534,6 @@ Patch320: arm64-tegra-jetson-tx1-fixes.patch
# https://www.spinics.net/lists/linux-tegra/msg43110.html # https://www.spinics.net/lists/linux-tegra/msg43110.html
Patch321: arm64-tegra-Jetson-TX2-Allow-bootloader-to-configure.patch Patch321: arm64-tegra-Jetson-TX2-Allow-bootloader-to-configure.patch
# QCom laptop bits
# https://patchwork.kernel.org/patch/11133827/
Patch330: arm64-qcom-i2c-geni-Disable-DMA-processing-on-the-Lenovo-Yoga-C630.patch
# 400 - IBM (ppc/s390x) patches # 400 - IBM (ppc/s390x) patches
# 500 - Temp fixes/CVEs etc # 500 - Temp fixes/CVEs etc
@ -551,9 +547,6 @@ Patch502: 0001-Drop-that-for-now.patch
# Submitted upstream at https://lkml.org/lkml/2019/4/23/89 # Submitted upstream at https://lkml.org/lkml/2019/4/23/89
Patch503: KEYS-Make-use-of-platform-keyring-for-module-signature.patch Patch503: KEYS-Make-use-of-platform-keyring-for-module-signature.patch
# https://patchwork.kernel.org/patch/11158395/
Patch504: iwlwifi-fw-don-t-send-GEO_TX_POWER_LIMIT-command-to-FW-version-36.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -1755,6 +1748,9 @@ fi
# #
# #
%changelog %changelog
* Mon Sep 30 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc0.git9.1
- Linux v5.3-13236-g97f9a3c4eee5
* Thu Sep 26 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc0.git8.1 * Thu Sep 26 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-0.rc0.git8.1
- Linux v5.3-12397-gf41def397161 - Linux v5.3-12397-gf41def397161

View File

@ -1,2 +1,2 @@
SHA512 (linux-5.3.tar.xz) = 6b5edef47c319a3fa7f6c20a3e0903a5acd89ec75e32dc5f99adcb60c9fe118ea312722d9c3d27e2e3900afa2455afb86e83a8b6bb131009bc79ddbe6fb0595d SHA512 (linux-5.3.tar.xz) = 6b5edef47c319a3fa7f6c20a3e0903a5acd89ec75e32dc5f99adcb60c9fe118ea312722d9c3d27e2e3900afa2455afb86e83a8b6bb131009bc79ddbe6fb0595d
SHA512 (patch-5.3-git8.xz) = 6d20a445bce9b821cb9c83c2440fce5b3e3e70ddc5f31d535524687fcefeab1edad7c72dfaa53b6bbf9beeb7811ae04d1301094d69463771b95f86dffed8b2ce SHA512 (patch-5.3-git9.xz) = 47761a6fb683ba11c648df4fe542f13b90f1bc3bdeba236ea0be4df12c7ce7373f5841e194641023370bf52d94ad8660dc85bf51d44942c7c2508b996e365c88