Linux v3.8-9456-g309667e
parent
0ace7eb5e6
commit
0a85b3e682
@ -1,4 +1,4 @@
|
|||||||
From d8cfe24ede3c3d8ce48d9c8ea791984777d783fc Mon Sep 17 00:00:00 2001
|
From f31ce451f73d8e68ab5c3dca068ef602bb9f1dfa Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Fri, 18 Jan 2013 13:53:35 +0000
|
Date: Fri, 18 Jan 2013 13:53:35 +0000
|
||||||
Subject: [PATCH 01/47] KEYS: Load *.x509 files into kernel keyring
|
Subject: [PATCH 01/47] KEYS: Load *.x509 files into kernel keyring
|
||||||
@ -15,11 +15,11 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
2 files changed, 30 insertions(+), 8 deletions(-)
|
2 files changed, 30 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||||
index eceac38..2c83d21 100644
|
index 05949c0..f6dbf33 100644
|
||||||
--- a/kernel/Makefile
|
--- a/kernel/Makefile
|
||||||
+++ b/kernel/Makefile
|
+++ b/kernel/Makefile
|
||||||
@@ -134,17 +134,40 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
|
@@ -142,17 +142,40 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
|
||||||
$(call if_changed,timeconst)
|
$(call if_changed,bc)
|
||||||
|
|
||||||
ifeq ($(CONFIG_MODULE_SIG),y)
|
ifeq ($(CONFIG_MODULE_SIG),y)
|
||||||
+###############################################################################
|
+###############################################################################
|
||||||
@ -81,7 +81,7 @@ index 246b4c6..0a60203 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 45078a904bc6488f2e3a69b71213950e0ff04db0 Mon Sep 17 00:00:00 2001
|
From 01fb4a2a794782fc54d7ea8dc61c7b205a7748c1 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 18:39:54 +0000
|
Date: Tue, 15 Jan 2013 18:39:54 +0000
|
||||||
Subject: [PATCH 02/47] KEYS: Separate the kernel signature checking keyring
|
Subject: [PATCH 02/47] KEYS: Separate the kernel signature checking keyring
|
||||||
@ -95,16 +95,12 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
include/keys/system_keyring.h | 23 ++++++++++
|
include/keys/system_keyring.h | 23 ++++++++++
|
||||||
init/Kconfig | 13 ++++++
|
init/Kconfig | 13 ++++++
|
||||||
kernel/Makefile | 17 ++++---
|
kernel/Makefile | 17 ++++---
|
||||||
kernel/modsign_certificate.S | 18 --------
|
|
||||||
kernel/modsign_pubkey.c | 104 ------------------------------------------
|
|
||||||
kernel/module-internal.h | 2 -
|
kernel/module-internal.h | 2 -
|
||||||
kernel/module_signing.c | 3 +-
|
kernel/module_signing.c | 3 +-
|
||||||
kernel/system_certificates.S | 18 ++++++++
|
kernel/system_certificates.S | 18 ++++++++
|
||||||
kernel/system_keyring.c | 101 ++++++++++++++++++++++++++++++++++++++++
|
kernel/system_keyring.c | 101 ++++++++++++++++++++++++++++++++++++++++++
|
||||||
9 files changed, 168 insertions(+), 131 deletions(-)
|
7 files changed, 168 insertions(+), 9 deletions(-)
|
||||||
create mode 100644 include/keys/system_keyring.h
|
create mode 100644 include/keys/system_keyring.h
|
||||||
delete mode 100644 kernel/modsign_certificate.S
|
|
||||||
delete mode 100644 kernel/modsign_pubkey.c
|
|
||||||
create mode 100644 kernel/system_certificates.S
|
create mode 100644 kernel/system_certificates.S
|
||||||
create mode 100644 kernel/system_keyring.c
|
create mode 100644 kernel/system_keyring.c
|
||||||
|
|
||||||
@ -169,7 +165,7 @@ index 0a5e80f..053072f 100644
|
|||||||
select CRYPTO
|
select CRYPTO
|
||||||
select ASYMMETRIC_KEY_TYPE
|
select ASYMMETRIC_KEY_TYPE
|
||||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||||
index 2c83d21..454ce54 100644
|
index f6dbf33..f273c0e 100644
|
||||||
--- a/kernel/Makefile
|
--- a/kernel/Makefile
|
||||||
+++ b/kernel/Makefile
|
+++ b/kernel/Makefile
|
||||||
@@ -53,8 +53,9 @@ obj-$(CONFIG_SMP) += spinlock.o
|
@@ -53,8 +53,9 @@ obj-$(CONFIG_SMP) += spinlock.o
|
||||||
@ -183,9 +179,9 @@ index 2c83d21..454ce54 100644
|
|||||||
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
obj-$(CONFIG_KALLSYMS) += kallsyms.o
|
||||||
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
|
||||||
obj-$(CONFIG_KEXEC) += kexec.o
|
obj-$(CONFIG_KEXEC) += kexec.o
|
||||||
@@ -133,13 +134,14 @@ targets += timeconst.h
|
@@ -141,13 +142,14 @@ targets += timeconst.h
|
||||||
$(obj)/timeconst.h: $(src)/timeconst.pl FORCE
|
$(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
|
||||||
$(call if_changed,timeconst)
|
$(call if_changed,bc)
|
||||||
|
|
||||||
-ifeq ($(CONFIG_MODULE_SIG),y)
|
-ifeq ($(CONFIG_MODULE_SIG),y)
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -201,7 +197,7 @@ index 2c83d21..454ce54 100644
|
|||||||
X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
|
X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
|
||||||
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
|
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
|
||||||
X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
|
X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
|
||||||
@@ -155,10 +157,11 @@ $(shell rm $(obj)/.x509.list)
|
@@ -163,10 +165,11 @@ $(shell rm $(obj)/.x509.list)
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
@ -215,7 +211,7 @@ index 2c83d21..454ce54 100644
|
|||||||
targets += $(obj)/x509_certificate_list
|
targets += $(obj)/x509_certificate_list
|
||||||
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
|
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
|
||||||
$(call if_changed,x509certs)
|
$(call if_changed,x509certs)
|
||||||
@@ -168,7 +171,9 @@ $(obj)/.x509.list:
|
@@ -176,7 +179,9 @@ $(obj)/.x509.list:
|
||||||
@echo $(X509_CERTIFICATES) >$@
|
@echo $(X509_CERTIFICATES) >$@
|
||||||
|
|
||||||
clean-files := x509_certificate_list .x509.list
|
clean-files := x509_certificate_list .x509.list
|
||||||
@ -225,140 +221,6 @@ index 2c83d21..454ce54 100644
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
#
|
#
|
||||||
# If module signing is requested, say by allyesconfig, but a key has not been
|
# If module signing is requested, say by allyesconfig, but a key has not been
|
||||||
diff --git a/kernel/modsign_certificate.S b/kernel/modsign_certificate.S
|
|
||||||
deleted file mode 100644
|
|
||||||
index 0a60203..0000000
|
|
||||||
--- a/kernel/modsign_certificate.S
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,18 +0,0 @@
|
|
||||||
-/* SYMBOL_PREFIX defined on commandline from CONFIG_SYMBOL_PREFIX */
|
|
||||||
-#ifndef SYMBOL_PREFIX
|
|
||||||
-#define ASM_SYMBOL(sym) sym
|
|
||||||
-#else
|
|
||||||
-#define PASTE2(x,y) x##y
|
|
||||||
-#define PASTE(x,y) PASTE2(x,y)
|
|
||||||
-#define ASM_SYMBOL(sym) PASTE(SYMBOL_PREFIX, sym)
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#define GLOBAL(name) \
|
|
||||||
- .globl ASM_SYMBOL(name); \
|
|
||||||
- ASM_SYMBOL(name):
|
|
||||||
-
|
|
||||||
- .section ".init.data","aw"
|
|
||||||
-
|
|
||||||
-GLOBAL(modsign_certificate_list)
|
|
||||||
- .incbin "kernel/x509_certificate_list"
|
|
||||||
-GLOBAL(modsign_certificate_list_end)
|
|
||||||
diff --git a/kernel/modsign_pubkey.c b/kernel/modsign_pubkey.c
|
|
||||||
deleted file mode 100644
|
|
||||||
index 2b6e699..0000000
|
|
||||||
--- a/kernel/modsign_pubkey.c
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,104 +0,0 @@
|
|
||||||
-/* Public keys for module signature verification
|
|
||||||
- *
|
|
||||||
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
||||||
- * Written by David Howells (dhowells@redhat.com)
|
|
||||||
- *
|
|
||||||
- * This program is free software; you can redistribute it and/or
|
|
||||||
- * modify it under the terms of the GNU General Public Licence
|
|
||||||
- * as published by the Free Software Foundation; either version
|
|
||||||
- * 2 of the Licence, or (at your option) any later version.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#include <linux/kernel.h>
|
|
||||||
-#include <linux/sched.h>
|
|
||||||
-#include <linux/cred.h>
|
|
||||||
-#include <linux/err.h>
|
|
||||||
-#include <keys/asymmetric-type.h>
|
|
||||||
-#include "module-internal.h"
|
|
||||||
-
|
|
||||||
-struct key *modsign_keyring;
|
|
||||||
-
|
|
||||||
-extern __initdata const u8 modsign_certificate_list[];
|
|
||||||
-extern __initdata const u8 modsign_certificate_list_end[];
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * We need to make sure ccache doesn't cache the .o file as it doesn't notice
|
|
||||||
- * if modsign.pub changes.
|
|
||||||
- */
|
|
||||||
-static __initdata const char annoy_ccache[] = __TIME__ "foo";
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Load the compiled-in keys
|
|
||||||
- */
|
|
||||||
-static __init int module_verify_init(void)
|
|
||||||
-{
|
|
||||||
- pr_notice("Initialise module verification\n");
|
|
||||||
-
|
|
||||||
- modsign_keyring = keyring_alloc(".module_sign",
|
|
||||||
- KUIDT_INIT(0), KGIDT_INIT(0),
|
|
||||||
- current_cred(),
|
|
||||||
- ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
||||||
- KEY_USR_VIEW | KEY_USR_READ),
|
|
||||||
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
|
|
||||||
- if (IS_ERR(modsign_keyring))
|
|
||||||
- panic("Can't allocate module signing keyring\n");
|
|
||||||
-
|
|
||||||
- return 0;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Must be initialised before we try and load the keys into the keyring.
|
|
||||||
- */
|
|
||||||
-device_initcall(module_verify_init);
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Load the compiled-in keys
|
|
||||||
- */
|
|
||||||
-static __init int load_module_signing_keys(void)
|
|
||||||
-{
|
|
||||||
- key_ref_t key;
|
|
||||||
- const u8 *p, *end;
|
|
||||||
- size_t plen;
|
|
||||||
-
|
|
||||||
- pr_notice("Loading module verification certificates\n");
|
|
||||||
-
|
|
||||||
- end = modsign_certificate_list_end;
|
|
||||||
- p = modsign_certificate_list;
|
|
||||||
- while (p < end) {
|
|
||||||
- /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
|
|
||||||
- * than 256 bytes in size.
|
|
||||||
- */
|
|
||||||
- if (end - p < 4)
|
|
||||||
- goto dodgy_cert;
|
|
||||||
- if (p[0] != 0x30 &&
|
|
||||||
- p[1] != 0x82)
|
|
||||||
- goto dodgy_cert;
|
|
||||||
- plen = (p[2] << 8) | p[3];
|
|
||||||
- plen += 4;
|
|
||||||
- if (plen > end - p)
|
|
||||||
- goto dodgy_cert;
|
|
||||||
-
|
|
||||||
- key = key_create_or_update(make_key_ref(modsign_keyring, 1),
|
|
||||||
- "asymmetric",
|
|
||||||
- NULL,
|
|
||||||
- p,
|
|
||||||
- plen,
|
|
||||||
- (KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
||||||
- KEY_USR_VIEW,
|
|
||||||
- KEY_ALLOC_NOT_IN_QUOTA);
|
|
||||||
- if (IS_ERR(key))
|
|
||||||
- pr_err("MODSIGN: Problem loading in-kernel X.509 certificate (%ld)\n",
|
|
||||||
- PTR_ERR(key));
|
|
||||||
- else
|
|
||||||
- pr_notice("MODSIGN: Loaded cert '%s'\n",
|
|
||||||
- key_ref_to_ptr(key)->description);
|
|
||||||
- p += plen;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- return 0;
|
|
||||||
-
|
|
||||||
-dodgy_cert:
|
|
||||||
- pr_err("MODSIGN: Problem parsing in-kernel X.509 certificate list\n");
|
|
||||||
- return 0;
|
|
||||||
-}
|
|
||||||
-late_initcall(load_module_signing_keys);
|
|
||||||
diff --git a/kernel/module-internal.h b/kernel/module-internal.h
|
diff --git a/kernel/module-internal.h b/kernel/module-internal.h
|
||||||
index 24f9247..915e123 100644
|
index 24f9247..915e123 100644
|
||||||
--- a/kernel/module-internal.h
|
--- a/kernel/module-internal.h
|
||||||
@ -526,7 +388,7 @@ index 0000000..a3ca76f
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From cde17a931bb2f8631cfd6576f07f77857a383248 Mon Sep 17 00:00:00 2001
|
From a374634f4c6582740c91ccfb7cdc49aa26445090 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Thu, 17 Jan 2013 16:25:00 +0000
|
Date: Thu, 17 Jan 2013 16:25:00 +0000
|
||||||
Subject: [PATCH 03/47] KEYS: Add a 'trusted' flag and a 'trusted only' flag
|
Subject: [PATCH 03/47] KEYS: Add a 'trusted' flag and a 'trusted only' flag
|
||||||
@ -655,7 +517,7 @@ index 6ece7f2..f18d7ff 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 2e5ee12060b914772094d038b7bd9c2e486d339f Mon Sep 17 00:00:00 2001
|
From 654c4260b94ab07936e4e1a697eddb082b0915a1 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:32 +0000
|
Date: Tue, 15 Jan 2013 15:33:32 +0000
|
||||||
Subject: [PATCH 04/47] KEYS: Rename public key parameter name arrays
|
Subject: [PATCH 04/47] KEYS: Rename public key parameter name arrays
|
||||||
@ -810,7 +672,7 @@ index 0034e36..0b6b870 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From d823c31e932ecd1e1c24435b447b35bbe9e3ee9d Mon Sep 17 00:00:00 2001
|
From a34e52cba48a0b78902a677bb15b927581021cc0 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:33 +0000
|
Date: Tue, 15 Jan 2013 15:33:33 +0000
|
||||||
Subject: [PATCH 05/47] KEYS: Move the algorithm pointer array from x509 to
|
Subject: [PATCH 05/47] KEYS: Move the algorithm pointer array from x509 to
|
||||||
@ -892,7 +754,7 @@ index 619d570..46bde25 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From cd2153b3e5b694e88fe4a136b9bae70c16b72fd0 Mon Sep 17 00:00:00 2001
|
From 63aec95cc6af50218892f9b870a952a28de04665 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:33 +0000
|
Date: Tue, 15 Jan 2013 15:33:33 +0000
|
||||||
Subject: [PATCH 06/47] KEYS: Store public key algo ID in public_key struct
|
Subject: [PATCH 06/47] KEYS: Store public key algo ID in public_key struct
|
||||||
@ -977,7 +839,7 @@ index 46bde25..05778df 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 120a94c9b259d1d19ab64c82737121dcc23e50ea Mon Sep 17 00:00:00 2001
|
From bf77135946a15f3833928cdf9a97f481a4b7f29b Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:34 +0000
|
Date: Tue, 15 Jan 2013 15:33:34 +0000
|
||||||
Subject: [PATCH 07/47] KEYS: Split public_key_verify_signature() and make
|
Subject: [PATCH 07/47] KEYS: Split public_key_verify_signature() and make
|
||||||
@ -1093,7 +955,7 @@ index fac574c..8cb2f70 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 2fc59e9f40053886e23c7bbed0841676472d0641 Mon Sep 17 00:00:00 2001
|
From d05eeaba52cdd6ddff9620186aa3a221e5909430 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
||||||
Subject: [PATCH 08/47] KEYS: Store public key algo ID in public_key_signature
|
Subject: [PATCH 08/47] KEYS: Store public key algo ID in public_key_signature
|
||||||
@ -1126,7 +988,7 @@ index 05778df..b34fda4 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 8de67c627dbfc895797320c82a3ebf87f5b8d446 Mon Sep 17 00:00:00 2001
|
From 3e2fb1075b17dc005721b2d63ae6a3c146fa529a Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
||||||
Subject: [PATCH 09/47] X.509: struct x509_certificate needs struct tm
|
Subject: [PATCH 09/47] X.509: struct x509_certificate needs struct tm
|
||||||
@ -1158,7 +1020,7 @@ index e583ad0..2d01182 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 074c5a12ea0152b2a3331174ad02f3ccc8ac9915 Mon Sep 17 00:00:00 2001
|
From 5c9dbeecb8faff88eb009d329c37831b8ec112ba Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
Date: Tue, 15 Jan 2013 15:33:35 +0000
|
||||||
Subject: [PATCH 10/47] X.509: Add bits needed for PKCS#7
|
Subject: [PATCH 10/47] X.509: Add bits needed for PKCS#7
|
||||||
@ -1256,7 +1118,7 @@ index 2d01182..a6ce46f 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 539f6dc3de1679495b7ce4f252e815d8373ffcef Mon Sep 17 00:00:00 2001
|
From 11a3d86669eb5fd71c756777cff053221de851a2 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:36 +0000
|
Date: Tue, 15 Jan 2013 15:33:36 +0000
|
||||||
Subject: [PATCH 11/47] X.509: Embed public_key_signature struct and create
|
Subject: [PATCH 11/47] X.509: Embed public_key_signature struct and create
|
||||||
@ -1524,7 +1386,7 @@ index 8cb2f70..b7c81d8 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 760bd4c7f0be3da4191b737a480af92df125431e Mon Sep 17 00:00:00 2001
|
From 09ba17965bed337bfb88ef9dc2d0b8c918eb5c01 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:36 +0000
|
Date: Tue, 15 Jan 2013 15:33:36 +0000
|
||||||
Subject: [PATCH 12/47] X.509: Check the algorithm IDs obtained from parsing an
|
Subject: [PATCH 12/47] X.509: Check the algorithm IDs obtained from parsing an
|
||||||
@ -1565,7 +1427,7 @@ index b7c81d8..eb368d4 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 5f7f7268ce26dfdd754f9bcb081c380b5409b072 Mon Sep 17 00:00:00 2001
|
From 293744b6e8bfb316b3d3545984eed2f4cb0b09bc Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:37 +0000
|
Date: Tue, 15 Jan 2013 15:33:37 +0000
|
||||||
Subject: [PATCH 13/47] X.509: Handle certificates that lack an
|
Subject: [PATCH 13/47] X.509: Handle certificates that lack an
|
||||||
@ -1612,7 +1474,7 @@ index eb368d4..0f55e3b 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From e2d27f7dd12e2368b03a2007b435c5ae35020218 Mon Sep 17 00:00:00 2001
|
From 176a9c3ef9b6b4faf0a82600e70e03b8446a2590 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:37 +0000
|
Date: Tue, 15 Jan 2013 15:33:37 +0000
|
||||||
Subject: [PATCH 14/47] X.509: Export certificate parse and free functions
|
Subject: [PATCH 14/47] X.509: Export certificate parse and free functions
|
||||||
@ -1658,7 +1520,7 @@ index 931f069..9cf0e16 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From b6c2806dcc10f6377cafcde2b74d49419266fba8 Mon Sep 17 00:00:00 2001
|
From 962c8a1468e2ae96c417be0c85871218e542284d Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:38 +0000
|
Date: Tue, 15 Jan 2013 15:33:38 +0000
|
||||||
Subject: [PATCH 15/47] PKCS#7: Implement a parser [RFC 2315]
|
Subject: [PATCH 15/47] PKCS#7: Implement a parser [RFC 2315]
|
||||||
@ -2271,7 +2133,7 @@ index 6926db7..edeff85 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 0aa7a27b37790e737bbd80f61ccc12184baed13c Mon Sep 17 00:00:00 2001
|
From a6bd28571756d205a02bf45b1f92b481a5219418 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:38 +0000
|
Date: Tue, 15 Jan 2013 15:33:38 +0000
|
||||||
Subject: [PATCH 16/47] PKCS#7: Digest the data in a signed-data message
|
Subject: [PATCH 16/47] PKCS#7: Digest the data in a signed-data message
|
||||||
@ -2445,7 +2307,7 @@ index 0000000..2f9f26c
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From e84f2d2018594d3b5c4ecbe45e29ca7eb0b50909 Mon Sep 17 00:00:00 2001
|
From 2bf1ddcd0d3d9d4e578b1024252383d6bfa2e426 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
||||||
Subject: [PATCH 17/47] PKCS#7: Find the right key in the PKCS#7 key list and
|
Subject: [PATCH 17/47] PKCS#7: Find the right key in the PKCS#7 key list and
|
||||||
@ -2544,7 +2406,7 @@ index 2f9f26c..3f6f0e2 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From d64d4625334797a96891b93cffb0899f3dd6218d Mon Sep 17 00:00:00 2001
|
From 88c5376101756187b5240a2ff2d87a3b9ab9b7ff Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
||||||
Subject: [PATCH 18/47] PKCS#7: Verify internal certificate chain
|
Subject: [PATCH 18/47] PKCS#7: Verify internal certificate chain
|
||||||
@ -2660,7 +2522,7 @@ index 6b1d877..5e35fba 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 051964867e90089bcd643cce929e1a6494abe20b Mon Sep 17 00:00:00 2001
|
From 4b7bd5ef637b260f03d6ccf05d4f8cbe50a32302 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:42 +0000
|
Date: Tue, 15 Jan 2013 15:33:42 +0000
|
||||||
Subject: [PATCH 19/47] PKCS#7: Find intersection between PKCS#7 message and
|
Subject: [PATCH 19/47] PKCS#7: Find intersection between PKCS#7 message and
|
||||||
@ -2867,7 +2729,7 @@ index 0000000..cc226f5
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 7cbe9a52ec426f2d1e2bdaefda34a16987114a98 Mon Sep 17 00:00:00 2001
|
From 65da0a66d93e032f86253083074cf127a8a07ec8 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
Date: Tue, 15 Jan 2013 15:33:39 +0000
|
||||||
Subject: [PATCH 20/47] Provide PE binary definitions
|
Subject: [PATCH 20/47] Provide PE binary definitions
|
||||||
@ -3340,7 +3202,7 @@ index 0000000..9234aef
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 63bfd5e0dbf914df3e39011ea0bc0e3fa056420b Mon Sep 17 00:00:00 2001
|
From bef62c421fe0342e0d4132441a1ba7012d552c46 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
||||||
Subject: [PATCH 21/47] pefile: Parse a PE binary to find a key and a signature
|
Subject: [PATCH 21/47] pefile: Parse a PE binary to find a key and a signature
|
||||||
@ -3634,7 +3496,7 @@ index 0000000..82bcaf6
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 82101ad57553b695c00e1b1c686d61ae4be27ab2 Mon Sep 17 00:00:00 2001
|
From e5328cdb361123e2126ec76844b1eccb1eccb2e2 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
||||||
Subject: [PATCH 22/47] pefile: Strip the wrapper off of the cert data block
|
Subject: [PATCH 22/47] pefile: Strip the wrapper off of the cert data block
|
||||||
@ -3738,7 +3600,7 @@ index fb80cf0..f2d4df0 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 1e9df8e0c3ac669a43ca856f15e377f3ac671ae0 Mon Sep 17 00:00:00 2001
|
From 743500a93b4b74a7444d8cb8a3ff09f73e6440ee Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
Date: Tue, 15 Jan 2013 15:33:40 +0000
|
||||||
Subject: [PATCH 23/47] pefile: Parse the presumed PKCS#7 content of the
|
Subject: [PATCH 23/47] pefile: Parse the presumed PKCS#7 content of the
|
||||||
@ -3792,7 +3654,7 @@ index f2d4df0..056500f 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 99df31e182eafe3473eec9805d08847411527c79 Mon Sep 17 00:00:00 2001
|
From 9432dceca505e7d9b8c420059ebcce7047c62375 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:41 +0000
|
Date: Tue, 15 Jan 2013 15:33:41 +0000
|
||||||
Subject: [PATCH 24/47] pefile: Parse the "Microsoft individual code signing"
|
Subject: [PATCH 24/47] pefile: Parse the "Microsoft individual code signing"
|
||||||
@ -4035,7 +3897,7 @@ index edeff85..332dcf5 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From dcebe53a75f108c10ac0c429d2b63f3f1f02c109 Mon Sep 17 00:00:00 2001
|
From f1be79950932727d4f1517a4ca2a6c8d8babdf6d Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:41 +0000
|
Date: Tue, 15 Jan 2013 15:33:41 +0000
|
||||||
Subject: [PATCH 25/47] pefile: Digest the PE binary and compare to the PKCS#7
|
Subject: [PATCH 25/47] pefile: Digest the PE binary and compare to the PKCS#7
|
||||||
@ -4271,7 +4133,7 @@ index f1c8cc1..dfdb85e 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 3aa52815d5d27045e66b9a3970ff2af8b707bfa6 Mon Sep 17 00:00:00 2001
|
From d11766cd96997c0c8dd8511939fa05485c0ba564 Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Fri, 18 Jan 2013 13:58:35 +0000
|
Date: Fri, 18 Jan 2013 13:58:35 +0000
|
||||||
Subject: [PATCH 26/47] PEFILE: Validate PKCS#7 trust chain
|
Subject: [PATCH 26/47] PEFILE: Validate PKCS#7 trust chain
|
||||||
@ -4323,7 +4185,7 @@ index dfdb85e..edad948 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 125d3794df049a715905529e05b6400db1309ec5 Mon Sep 17 00:00:00 2001
|
From 8247b08630ee7d8da1b82a1c52656e53b0698a5f Mon Sep 17 00:00:00 2001
|
||||||
From: David Howells <dhowells@redhat.com>
|
From: David Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 15 Jan 2013 15:33:42 +0000
|
Date: Tue, 15 Jan 2013 15:33:42 +0000
|
||||||
Subject: [PATCH 27/47] PEFILE: Load the contained key if we consider the
|
Subject: [PATCH 27/47] PEFILE: Load the contained key if we consider the
|
||||||
@ -4414,7 +4276,7 @@ index 0f55e3b..c3e5a6d 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From f8089a0ae1983d8a079510126d7f21bd01d3a971 Mon Sep 17 00:00:00 2001
|
From e0de67120b1a027658c1195cbf9648a0ff97d082 Mon Sep 17 00:00:00 2001
|
||||||
From: Chun-Yi Lee <joeyli.kernel@gmail.com>
|
From: Chun-Yi Lee <joeyli.kernel@gmail.com>
|
||||||
Date: Thu, 21 Feb 2013 19:23:49 +0800
|
Date: Thu, 21 Feb 2013 19:23:49 +0800
|
||||||
Subject: [PATCH 28/47] MODSIGN: Fix including certificate twice when the
|
Subject: [PATCH 28/47] MODSIGN: Fix including certificate twice when the
|
||||||
@ -4450,10 +4312,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
|
|||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||||
index 454ce54..9824a86 100644
|
index f273c0e..9777222 100644
|
||||||
--- a/kernel/Makefile
|
--- a/kernel/Makefile
|
||||||
+++ b/kernel/Makefile
|
+++ b/kernel/Makefile
|
||||||
@@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
|
@@ -150,7 +150,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
|
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
|
||||||
@ -4469,7 +4331,7 @@ index 454ce54..9824a86 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 26909a21e7274b6d9e04374e2a11e4fbc07713f3 Mon Sep 17 00:00:00 2001
|
From 09f8eba451f2ddd3eb5b8ba2dfc5153087ebaa78 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:40:56 -0400
|
Date: Thu, 20 Sep 2012 10:40:56 -0400
|
||||||
Subject: [PATCH 29/47] Secure boot: Add new capability
|
Subject: [PATCH 29/47] Secure boot: Add new capability
|
||||||
@ -4506,7 +4368,7 @@ index ba478fa..7109e65 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From ea9b455fe0e2c2f133ab26e24cc3c1e83fd2a0e4 Mon Sep 17 00:00:00 2001
|
From 75cab5d8cd111497c16a92a6d7060bff22b87c2b Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:05 -0400
|
Date: Thu, 20 Sep 2012 10:41:05 -0400
|
||||||
Subject: [PATCH 30/47] SELinux: define mapping for new Secure Boot capability
|
Subject: [PATCH 30/47] SELinux: define mapping for new Secure Boot capability
|
||||||
@ -4539,7 +4401,7 @@ index 14d04e6..ed99a2d 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From f945b0d4c7653109a2cca48de11faa8c44e4c503 Mon Sep 17 00:00:00 2001
|
From 69dc786f5679c66ad0afaa235ee52c59308281d2 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:02 -0400
|
Date: Thu, 20 Sep 2012 10:41:02 -0400
|
||||||
Subject: [PATCH 31/47] Secure boot: Add a dummy kernel parameter that will
|
Subject: [PATCH 31/47] Secure boot: Add a dummy kernel parameter that will
|
||||||
@ -4605,7 +4467,7 @@ index e0573a4..c3f4e3e 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From eb90b28185e0a14b4d585713078229f1416fbf0c Mon Sep 17 00:00:00 2001
|
From 1a22bfc73b9fddc1a4addb3d485f5473950d984a Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:03 -0400
|
Date: Thu, 20 Sep 2012 10:41:03 -0400
|
||||||
Subject: [PATCH 32/47] efi: Enable secure boot lockdown automatically when
|
Subject: [PATCH 32/47] efi: Enable secure boot lockdown automatically when
|
||||||
@ -4751,7 +4613,7 @@ index 9bf2f1f..1bf382b 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 32e9fbbf1bc41283c3af2ed24044edff8fcf1c69 Mon Sep 17 00:00:00 2001
|
From 5d18a80e7f10e03229d46ffa409ff82af034448b Mon Sep 17 00:00:00 2001
|
||||||
From: Dave Howells <dhowells@redhat.com>
|
From: Dave Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
Date: Tue, 23 Oct 2012 09:30:54 -0400
|
||||||
Subject: [PATCH 33/47] Add EFI signature data types
|
Subject: [PATCH 33/47] Add EFI signature data types
|
||||||
@ -4806,7 +4668,7 @@ index 1bf382b..8902faf 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From a040224f153348fa8df70f6c2cefd107d5ea004f Mon Sep 17 00:00:00 2001
|
From 891ffe35209bd889a2c01d733f0b255cdf4e6ebe Mon Sep 17 00:00:00 2001
|
||||||
From: Dave Howells <dhowells@redhat.com>
|
From: Dave Howells <dhowells@redhat.com>
|
||||||
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
Date: Tue, 23 Oct 2012 09:36:28 -0400
|
||||||
Subject: [PATCH 34/47] Add an EFI signature blob parser and key loader.
|
Subject: [PATCH 34/47] Add an EFI signature blob parser and key loader.
|
||||||
@ -4986,7 +4848,7 @@ index 8902faf..ff3c599 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From e096ebf28fdc1a96055a1e2a8b3a194c64560e77 Mon Sep 17 00:00:00 2001
|
From 0f5c163a734890d86611bed2717457551c5a0b30 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
Date: Fri, 26 Oct 2012 12:36:24 -0400
|
||||||
Subject: [PATCH 35/47] KEYS: Add a system blacklist keyring
|
Subject: [PATCH 35/47] KEYS: Add a system blacklist keyring
|
||||||
@ -5101,7 +4963,7 @@ index dae8778..2913c70 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 8ae4ff8d17e43538f4b5aca9758c461dbd4e26f3 Mon Sep 17 00:00:00 2001
|
From 1fda98f6edb36b6713df3a7e4578c27c1aa03d89 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
Date: Fri, 26 Oct 2012 12:42:16 -0400
|
||||||
Subject: [PATCH 36/47] MODSIGN: Import certificates from UEFI Secure Boot
|
Subject: [PATCH 36/47] MODSIGN: Import certificates from UEFI Secure Boot
|
||||||
@ -5166,7 +5028,7 @@ index e82c950..e15c960 100644
|
|||||||
prompt "Which hash algorithm should modules be signed with?"
|
prompt "Which hash algorithm should modules be signed with?"
|
||||||
depends on MODULE_SIG
|
depends on MODULE_SIG
|
||||||
diff --git a/kernel/Makefile b/kernel/Makefile
|
diff --git a/kernel/Makefile b/kernel/Makefile
|
||||||
index 9824a86..ac803d0 100644
|
index 9777222..2cbb45b 100644
|
||||||
--- a/kernel/Makefile
|
--- a/kernel/Makefile
|
||||||
+++ b/kernel/Makefile
|
+++ b/kernel/Makefile
|
||||||
@@ -56,6 +56,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
@@ -56,6 +56,7 @@ obj-$(CONFIG_UID16) += uid16.o
|
||||||
@ -5287,7 +5149,7 @@ index 0000000..df831ff
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From a7aa88c97e85e0a9fdd95b1a0ba3605b36f4313a Mon Sep 17 00:00:00 2001
|
From 737ae51d4157b099037609127117102b56f196d1 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:40:57 -0400
|
Date: Thu, 20 Sep 2012 10:40:57 -0400
|
||||||
Subject: [PATCH 37/47] PCI: Lock down BAR access in secure boot environments
|
Subject: [PATCH 37/47] PCI: Lock down BAR access in secure boot environments
|
||||||
@ -5339,7 +5201,7 @@ index 9c6e9bb..b966089 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||||
index 9b8505c..35580bc 100644
|
index 0b00947..7639f68 100644
|
||||||
--- a/drivers/pci/proc.c
|
--- a/drivers/pci/proc.c
|
||||||
+++ b/drivers/pci/proc.c
|
+++ b/drivers/pci/proc.c
|
||||||
@@ -139,6 +139,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
|
@@ -139,6 +139,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
|
||||||
@ -5388,7 +5250,7 @@ index e1c1ec5..97e785f 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 3ab26acbd1042405f65bf72f44c857511d953b83 Mon Sep 17 00:00:00 2001
|
From 6cf45d0803d6d3f544e4033cf95c1357b34896f2 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:40:58 -0400
|
Date: Thu, 20 Sep 2012 10:40:58 -0400
|
||||||
Subject: [PATCH 38/47] x86: Lock down IO port access in secure boot
|
Subject: [PATCH 38/47] x86: Lock down IO port access in secure boot
|
||||||
@ -5428,7 +5290,7 @@ index 4ddaf66..f505995 100644
|
|||||||
}
|
}
|
||||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||||
index 6f6e92a..9362b9b 100644
|
index 2c644af..7eee4d8 100644
|
||||||
--- a/drivers/char/mem.c
|
--- a/drivers/char/mem.c
|
||||||
+++ b/drivers/char/mem.c
|
+++ b/drivers/char/mem.c
|
||||||
@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||||
@ -5445,7 +5307,7 @@ index 6f6e92a..9362b9b 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From c05363da5dfcc35d9717c2cd6cc47690f92e9cdc Mon Sep 17 00:00:00 2001
|
From ebb40a7c6dc438afd6050c20c0b5f81e9701d985 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:40:59 -0400
|
Date: Thu, 20 Sep 2012 10:40:59 -0400
|
||||||
Subject: [PATCH 39/47] ACPI: Limit access to custom_method
|
Subject: [PATCH 39/47] ACPI: Limit access to custom_method
|
||||||
@ -5477,7 +5339,7 @@ index 12b62f2..edf0710 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 47f48642c2e767b8f1219a6692a90262e2dfaee6 Mon Sep 17 00:00:00 2001
|
From cb35d821b7591fe9fed20db28d50addfe00fb128 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:00 -0400
|
Date: Thu, 20 Sep 2012 10:41:00 -0400
|
||||||
Subject: [PATCH 40/47] asus-wmi: Restrict debugfs interface
|
Subject: [PATCH 40/47] asus-wmi: Restrict debugfs interface
|
||||||
@ -5530,7 +5392,7 @@ index f80ae4d..059195f 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From a18dec77f42e30d986a29f51d2f0933d2c30b9c3 Mon Sep 17 00:00:00 2001
|
From 6bfdb84e12b802d4a31f1a7c238bb3e91421e3af Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:01 -0400
|
Date: Thu, 20 Sep 2012 10:41:01 -0400
|
||||||
Subject: [PATCH 41/47] Restrict /dev/mem and /dev/kmem in secure boot setups
|
Subject: [PATCH 41/47] Restrict /dev/mem and /dev/kmem in secure boot setups
|
||||||
@ -5544,7 +5406,7 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
1 file changed, 6 insertions(+)
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||||
index 9362b9b..3c55828 100644
|
index 7eee4d8..772ee2b 100644
|
||||||
--- a/drivers/char/mem.c
|
--- a/drivers/char/mem.c
|
||||||
+++ b/drivers/char/mem.c
|
+++ b/drivers/char/mem.c
|
||||||
@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||||
@ -5571,7 +5433,7 @@ index 9362b9b..3c55828 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From b03691364e9bee51a92a32887bdb783a8210364c Mon Sep 17 00:00:00 2001
|
From 1f0241ccbc1a54954e66b8426b33cfdd49861208 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Thu, 20 Sep 2012 10:41:04 -0400
|
Date: Thu, 20 Sep 2012 10:41:04 -0400
|
||||||
Subject: [PATCH 42/47] acpi: Ignore acpi_rsdp kernel parameter in a secure
|
Subject: [PATCH 42/47] acpi: Ignore acpi_rsdp kernel parameter in a secure
|
||||||
@ -5606,7 +5468,7 @@ index 586e7e9..8950454 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From febf4b93d82db4e575014ff518f500ae988ef2aa Mon Sep 17 00:00:00 2001
|
From 3d141f6e5ead9ec80412001f646c09dbef90827b Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Tue, 4 Sep 2012 11:55:13 -0400
|
Date: Tue, 4 Sep 2012 11:55:13 -0400
|
||||||
Subject: [PATCH 43/47] kexec: Disable in a secure boot environment
|
Subject: [PATCH 43/47] kexec: Disable in a secure boot environment
|
||||||
@ -5638,7 +5500,7 @@ index 2436ffc..a78e71a 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 99a767e78759ad32c78e79690f6aabd72caf5969 Mon Sep 17 00:00:00 2001
|
From 8c6131a869a749322a94b578c99204353d3a3820 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Fri, 5 Oct 2012 10:12:48 -0400
|
Date: Fri, 5 Oct 2012 10:12:48 -0400
|
||||||
Subject: [PATCH 44/47] MODSIGN: Always enforce module signing in a Secure Boot
|
Subject: [PATCH 44/47] MODSIGN: Always enforce module signing in a Secure Boot
|
||||||
@ -5681,7 +5543,7 @@ index c3f4e3e..c5554e0 100644
|
|||||||
|
|
||||||
/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
|
/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
|
||||||
diff --git a/kernel/module.c b/kernel/module.c
|
diff --git a/kernel/module.c b/kernel/module.c
|
||||||
index 921bed4..2ee8a7c 100644
|
index 0925c9a..af4a476 100644
|
||||||
--- a/kernel/module.c
|
--- a/kernel/module.c
|
||||||
+++ b/kernel/module.c
|
+++ b/kernel/module.c
|
||||||
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
||||||
@ -5700,7 +5562,7 @@ index 921bed4..2ee8a7c 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 9a3364262073f8ae3f00a4bad626823811fedffa Mon Sep 17 00:00:00 2001
|
From d1f48eaf24be97f7bd86f4680ed7d64c6238787f Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Fri, 26 Oct 2012 14:02:09 -0400
|
Date: Fri, 26 Oct 2012 14:02:09 -0400
|
||||||
Subject: [PATCH 45/47] hibernate: Disable in a Secure Boot environment
|
Subject: [PATCH 45/47] hibernate: Disable in a Secure Boot environment
|
||||||
@ -5814,7 +5676,7 @@ index 4ed81e7..b11a0f4 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From 74bfbcb7c06c502b536d0d0e2eab3f4423452e11 Mon Sep 17 00:00:00 2001
|
From 8816b7dc8421fb97a2423cb245c28eec978009fe Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
Date: Tue, 5 Feb 2013 19:25:05 -0500
|
||||||
Subject: [PATCH 46/47] efi: Disable secure boot if shim is in insecure mode
|
Subject: [PATCH 46/47] efi: Disable secure boot if shim is in insecure mode
|
||||||
@ -5873,7 +5735,7 @@ index 96bd86b..6e1331c 100644
|
|||||||
1.8.1.2
|
1.8.1.2
|
||||||
|
|
||||||
|
|
||||||
From f472a81527c0f2efbb8f2ad9c799b3fd13a79806 Mon Sep 17 00:00:00 2001
|
From af08e556b6c214021bda6d601fcc4a23f8cbd1a5 Mon Sep 17 00:00:00 2001
|
||||||
From: Kees Cook <keescook@chromium.org>
|
From: Kees Cook <keescook@chromium.org>
|
||||||
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
Date: Fri, 8 Feb 2013 11:12:13 -0800
|
||||||
Subject: [PATCH 47/47] x86: Lock down MSR writing in secure boot
|
Subject: [PATCH 47/47] x86: Lock down MSR writing in secure boot
|
@ -95,7 +95,7 @@ Summary: The Linux kernel
|
|||||||
# The rc snapshot level
|
# The rc snapshot level
|
||||||
%define rcrev 0
|
%define rcrev 0
|
||||||
# The git snapshot level
|
# The git snapshot level
|
||||||
%define gitrev 10
|
%define gitrev 11
|
||||||
# Set rpm version accordingly
|
# Set rpm version accordingly
|
||||||
%define rpmversion 3.%{upstream_sublevel}.0
|
%define rpmversion 3.%{upstream_sublevel}.0
|
||||||
%endif
|
%endif
|
||||||
@ -667,7 +667,7 @@ Patch800: crash-driver.patch
|
|||||||
# crypto/
|
# crypto/
|
||||||
|
|
||||||
# secure boot
|
# secure boot
|
||||||
Patch1000: devel-pekey-secure-boot-20130226.patch
|
Patch1000: devel-pekey-secure-boot-20130227.patch
|
||||||
|
|
||||||
# virt + ksm patches
|
# virt + ksm patches
|
||||||
|
|
||||||
@ -1374,7 +1374,7 @@ ApplyPatch crash-driver.patch
|
|||||||
# crypto/
|
# crypto/
|
||||||
|
|
||||||
# secure boot
|
# secure boot
|
||||||
ApplyPatch devel-pekey-secure-boot-20130226.patch
|
ApplyPatch devel-pekey-secure-boot-20130227.patch
|
||||||
|
|
||||||
# Assorted Virt Fixes
|
# Assorted Virt Fixes
|
||||||
|
|
||||||
@ -2296,6 +2296,9 @@ fi
|
|||||||
# ||----w |
|
# ||----w |
|
||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 27 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc0.git11.1
|
||||||
|
- Linux v3.8-9456-g309667e
|
||||||
|
|
||||||
* Wed Feb 27 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc0.git10.1
|
* Wed Feb 27 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc0.git10.1
|
||||||
- Linux v3.8-9405-gd895cb1
|
- Linux v3.8-9405-gd895cb1
|
||||||
|
|
||||||
|