[PATCH 0/9][D] Lockdown updates
Seth Forshee
seth.forshee at canonical.com
Thu Jun 18 23:14:20 UTC 2020
BugLink: https://bugs.launchpad.net/bugs/1884159
The following changes since commit e0ed87ef9ee974e776ba756b1e6cea9f373165d4:
UBUNTU: Ubuntu-5.0.0-53.57 (2020-06-08 18:13:10 -0300)
are available in the Git repository at:
git://git.launchpad.net/~sforshee/ubuntu/+source/linux/+git/disco lockdown-updates
for you to fetch changes up to 9f1a24f069a85e506e8e0cb35ec0c80ee8d553ad:
UBUNTU: [Config] CONFIG_XMON_DEFAULT_RO_MODE=y (2020-06-16 16:48:08 -0500)
Thanks,
Seth
----------------------------------------------------------------
Christopher M. Riedl (2):
powerpc/xmon: add read-only mode
powerpc/xmon: Restrict when kernel is locked down
Jason A. Donenfeld (1):
UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked
down
Javier Martinez Canillas (1):
efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
Jiri Bohac (2):
UBUNTU: SAUCE: (efi-lockdown) kexec_file: split KEXEC_VERIFY_SIG into
KEXEC_SIG and KEXEC_SIG_FORCE
UBUNTU: SAUCE: (efi-lockdown) kexec_file: Restrict at runtime if the
kernel is locked down
Matthew Garrett (1):
efi: Restrict efivar_ssdt_load when the kernel is locked down
Seth Forshee (2):
UBUNTU: [Config] Update kexec signature config options
UBUNTU: [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
arch/powerpc/Kconfig.debug | 8 ++
arch/powerpc/xmon/xmon.c | 132 ++++++++++++++++++----
arch/x86/Kconfig | 20 +++-
crypto/asymmetric_keys/verify_pefile.c | 4 +-
debian.master/config/config.common.ubuntu | 3 +
drivers/acpi/acpi_configfs.c | 4 +
drivers/firmware/efi/efi.c | 5 +
drivers/firmware/efi/test/efi_test.c | 7 ++
include/linux/kexec.h | 4 +-
kernel/kexec_file.c | 54 +++++++--
10 files changed, 205 insertions(+), 36 deletions(-)
--
2.27.0
More information about the kernel-team
mailing list