rpms/kernel
9
2
Fork 4
Code Issues Pull Requests Releases Activity
5,139 Commits 31 Branches 211 Tags 832 MiB
c16b4f1acf
Commit Graph

39 Commits

Author SHA1 Message Date
Jeremy Cline
e21e52b608 Linux v5.3-13236-g97f9a3c4eee5 
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
 2019-10-01 14:20:23 +00:00
Laura Abbott
4cbd7a3c09 Linux v5.2-10808-g9637d517347e 2019-07-16 08:59:21 -04:00
Jeremy Cline
228a4ee828 Fix rbhz 1658675 again 
This patch got dropped with the latest rebase to upstream's version of
the lockdown patches.
 2019-06-06 19:03:26 +00:00
Justin M. Forbes
ead55fdbc7 Linux v5.2-rc3-37-g156c05917e09 2019-06-06 11:22:11 -05:00
Jeremy Cline
26a34633c2 Fix up the kexec IMA patch 2019-04-15 18:43:41 +00:00
Jeremy Cline
4b5e4234be Rebase the kernel lockdown patch set 
Use the latest version of the kernel lockdown patch set. This includes a
few configuration renames:

CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and
CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the
"kexec_file: Restrict at runtime if the kernel is locked down" patch
enforces the signature requirement when the kernel is locked down.

CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE
and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for
EFI Secure Boot users.

Finally, the SysRq patches got dropped for the present.
 2019-04-15 12:15:16 -04:00
Jeremy Cline
6c72c6753e Linux v5.0-7001-g610cd4eadec4 2019-03-08 16:38:03 +00:00
Jeremy Cline
ece6441001 Linux v5.0-6399-gf90d64483ebd 2019-03-07 20:30:13 +00:00
Justin M. Forbes
dc45afc7d9 lockdown update for S390 2019-01-10 08:38:14 -06:00
Laura Abbott
dd000cd2fd Linux v4.20-10911-g645ff1e8e704 
Dropped part of the efi-lockdown patchset for IMA until
conflicts get resolved.
 2019-01-03 08:28:18 -08:00
Laura Abbott
c97d3b0f76 Linux v4.20-9163-g195303136f19 2018-12-30 09:30:50 -08:00
Justin M. Forbes
b5c40a84c0 Remove bpf restriction for now, revisit (rhbz 1622986) 2018-08-28 15:39:51 -05:00
Jeremy Cline
cb11f4de83
Linux v4.18-8895-g1f7a4c73a739 2018-08-18 13:52:10 +01:00
Jeremy Cline
a23ced99bd
Linux v4.18-7873-gf91e654474d4 2018-08-16 14:56:49 +01:00
Laura Abbott
c60d15178c Linux v4.18-rc1 2018-06-18 09:44:24 -07:00
Laura Abbott
5f1fb0c45a Linux v4.17-11782-gbe779f03d563 2018-06-13 10:54:20 -07:00
Laura Abbott
4b8512e91a Linux v4.17-7997-g68abbe729567 2018-06-08 11:37:45 -07:00
Laura Abbott
9382c1533b Linux v4.17-6625-g1c8c5a9d38f6 2018-06-07 14:52:18 -07:00
Laura Abbott
037431cf90 Linux v4.17-3754-g135c5504a600 2018-06-06 09:56:34 -07:00
Justin M. Forbes
8cf006311d Linux v4.17-rc1 2018-04-16 11:04:31 -05:00
Justin M. Forbes
df0ed2af7a Linux v4.16-11766-ge241e3f2bf97 2018-04-12 11:56:50 -05:00
Justin M. Forbes
5bf5e37a74 Linux v4.16-9576-g38c23685b273 2018-04-06 12:00:21 -05:00
Justin M. Forbes
71c4e801d3 Linux v4.16-2520-g642e7fd23353 2018-04-03 12:18:00 -05:00
Jeremy Cline
a253e4dfca
Fix efi-lockdown.patch for upstream BPF change 
Commit 0fa4fe85f472 ("bpf: skip unnecessary capability check") switched
the if statement around.

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 2018-03-23 09:27:44 -04:00
Justin M. Forbes
f20e0a3b66 Update efi-lockdown patch with current. 2018-03-12 08:46:00 -05:00
Justin M. Forbes
bf681f6a5b Linux v4.15-11704-ga2e5790d8416 2018-02-07 09:13:24 -06:00
Laura Abbott
8221dd34f7 Linux v4.14-12375-g2dcd9c71c1ff 2017-11-17 17:10:07 -08:00
Laura Abbott
e1d147112d Linux v4.14-4050-g37cb8e1f8e10 2017-11-15 09:40:48 -08:00
Justin M. Forbes
006f5ba402 Linux v4.14-rc6-50-g567825502730 2017-10-26 15:56:39 -05:00
Justin M. Forbes
135abd0c28 Linux v4.14-rc5-94-g9a27ded2195a 2017-10-20 16:22:53 -05:00
Justin M. Forbes
59566d9a2c Linux v4.14-rc5-31-g73d3393ada4f 2017-10-19 15:49:02 -05:00
Justin M. Forbes
21e4b83380 Linux v4.13-11197-gf007cad159e9 2017-09-11 13:05:08 -05:00
Justin M. Forbes
7c0c57cc12 Linux v4.13-4257-ge7d0c41ecc2e 2017-09-06 13:29:50 -05:00
Justin M. Forbes
bd32781ec2 Linux v4.11-11413-g2868b25 2017-05-09 10:45:07 -05:00
Justin M. Forbes
a3e7d7abc0 Linux v4.11-1464-gd3b5d35 2017-05-02 14:04:44 -05:00
Laura Abbott
c796f87d68 Linux v4.10-6476-gbc49a78 2017-02-23 09:21:58 -08:00
Justin M. Forbes
cd3596bbfc Update efi-lockdown for 4.11 merge 2017-02-21 11:48:46 -06:00
Justin M. Forbes
411d3b79f7 Linux v4.10-rc4 2017-01-16 10:06:57 -06:00
Justin M. Forbes
962ea4f047 Linux v4.9-7150-gcdb98c2 2016-12-14 12:50:48 -06:00