Commit Graph

14 Commits

Author SHA1 Message Date
Justin M. Forbes
fa3a43c8e6 Linux v5.4-5280-g89d57dddd7d3 2019-11-27 13:03:10 -06:00
Jeremy Cline
391323a40e Linux v5.4-rc2-20-geda57a0e4299 2019-10-08 17:00:22 +00:00
Jeremy Cline
e21e52b608 Linux v5.3-13236-g97f9a3c4eee5
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
2019-10-01 14:20:23 +00:00
Jeremy Cline
021611765e Linux v5.3-2061-gad062195731b 2019-09-17 21:22:39 +00:00
Justin M. Forbes
ead55fdbc7 Linux v5.2-rc3-37-g156c05917e09 2019-06-06 11:22:11 -05:00
Justin M. Forbes
2b2a5f0a2e Linux v5.1-1199-g71ae5fc87c34 2019-05-07 12:04:31 -05:00
Jeremy Cline
8f968e6f02 Linux v5.1-rc6 2019-04-22 14:20:15 +00:00
Jeremy Cline
26a34633c2 Fix up the kexec IMA patch 2019-04-15 18:43:41 +00:00
Jeremy Cline
4b5e4234be Rebase the kernel lockdown patch set
Use the latest version of the kernel lockdown patch set. This includes a
few configuration renames:

CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and
CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the
"kexec_file: Restrict at runtime if the kernel is locked down" patch
enforces the signature requirement when the kernel is locked down.

CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE
and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for
EFI Secure Boot users.

Finally, the SysRq patches got dropped for the present.
2019-04-15 12:15:16 -04:00
Jeremy Cline
edfbff22b4 Linux v5.0-10360-g12ad143e1b80 2019-03-11 17:30:38 +00:00
Laura Abbott
16332ac6b7 Linux v5.0-rc7 2019-02-17 20:10:42 -08:00
Laura Abbott
c97d3b0f76 Linux v4.20-9163-g195303136f19 2018-12-30 09:30:50 -08:00
Jeremy Cline
c8f9da6523
Resolve a conflict in the efi secureboot patch set 2018-11-19 11:33:38 -05:00
Justin M. Forbes
bbfe8b3016 Secure Boot updates 2018-06-11 15:35:41 -05:00