[SRU Xenial 2/2] UBUNTU: [Config]: Set CONFIG_PPC_RTAS_FILTER

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Dec 1 20:50:49 UTC 2020


RTAS may be used to read arbitrary memory, which we do not want to allow when
Secure Boot is used. It is restricted to only some allowed operations, which
are the ones that are used by distributed tools.

CVE-2020-27777
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
 debian.master/config/annotations          | 3 +++
 debian.master/config/config.common.ubuntu | 1 +
 2 files changed, 4 insertions(+)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index d31f2e35f8fd..68f4c169f538 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -80,6 +80,9 @@ CONFIG_ISA                                      policy<{'i386': 'y', 'powerpc-po
 
 # Menu: Bus options (PCI etc.) >> Architecture: powerpc
 CONFIG_FSL_LBC                                  policy<{'powerpc': 'y', 'ppc64el': 'y'}>
+CONFIG_PPC_RTAS_FILTER                          policy<{'powerpc-powerpc-smp': 'y', 'powerpc-powerpc64-smp': 'y', 'ppc64el': 'y'}>
+#
+CONFIG_PPC_RTAS_FILTER                          mark<ENFORCED> note<CVE-2020-27777>
 
 # Menu: Bus options (PCI etc.) >> Architecture: s390
 CONFIG_QDIO                                     policy<{'s390x': 'm'}>
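Review bot: The policy on the added CONFIG_PPC_RTAS_FILTER line is keyed on individual flavours ('powerpc-powerpc-smp', 'powerpc-powerpc64-smp') plus 'ppc64el', while the adjacent CONFIG_FSL_LBC entry is keyed on the architecture ('powerpc'). Because the entry is also marked ENFORCED, any powerpc flavour not named in this dictionary would fall outside the enforced check. Please confirm that omission is intentional, or key on 'powerpc' as the neighbouring line does. The note<CVE-2020-27777> would also read better with a few words on what the option restricts, so the reason for ENFORCED is clear without looking up the CVE.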
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 7f7cc8c24173..2c4d5230a16d 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -6004,6 +6004,7 @@ CONFIG_PPC_PS3=y
 CONFIG_PPC_PSERIES=y
 CONFIG_PPC_QEMU_E500=y
 CONFIG_PPC_RTAS_DAEMON=y
+CONFIG_PPC_RTAS_FILTER=y
 CONFIG_PPC_SCOM=y
 CONFIG_PPC_SMP_MUXED_IPI=y
 CONFIG_PPC_STD_MMU=y
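Review bot: The added CONFIG_PPC_RTAS_FILTER=y turns the filter on unconditionally in the common config, whereas the commit message frames the restriction around Secure Boot. It would help for the message to state that the filter is always active on these kernels, and to name the distributed tools whose RTAS calls were checked against it, since anything calling an operation outside the allowed set will start failing after this change.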
-- 
2.27.0



