The driver is needed for testing purposes, enable it on the architectures
where EFI is supported. Also, disallow access to the registered device if
the kernel is locked down.
Fedora has been carrying this patch for a very long time as
a workaround for MacBook Airs1,1. We've also gotten smarter
about detection (see d79e141c1c6e ("Input: i8042 - Trust
firmware a bit more when probing on X86")) so let's try
dropping this.
Upstream finally merged the lockdown patches, adjust the SysRq patch to
work with the upstreamed version.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
This patch from 2013 stops the i915 driver from spitting out WARNs in
some cases, but nearly the same thing can be achieved with the
``verbose_state_checks=false`` module option added in 2014. With the
module setting the issue results in a log message at error level rather
than the debug level set by this patch. However, it's not known if this
is still a common issue. It seems worth the cost of (maybe) a few more
bug reports about new error-level logs to drop the patch.
To start with, we're going to leave ``verbose_state_checks=true`` (the
default), but if we run into a lot of WARNs we will turn it off.
We've come a long way. Let's just leave these drivers alone.
Banish the drivers to mod-extra to ensure they really don't
get loaded.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying this patch for years. If someone wants to
do the work to get it upstream, they are welcome to do so.
Signed-off-by: Laura Abbott <labbott@redhat.com>
