Linux v3.8-8664-gc41b381

This commit is contained in:
Josh Boyer 2013-02-26 08:40:33 -05:00
parent 52da9d6402
commit ab465cba10
12 changed files with 114 additions and 96 deletions

View File

@ -407,3 +407,6 @@ CONFIG_EXTCON_GPIO=m
CONFIG_VIRTUALIZATION=y
CONFIG_XZ_DEC_ARM=y
CONFIG_DRM_TILCDC=m
CONFIG_OF_DISPLAY_TIMING=y
CONFIG_OF_VIDEOMODE=y

View File

@ -468,4 +468,8 @@ CONFIG_VIRTUALIZATION=y
# CONFIG_ARM_HIGHBANK_CPUFREQ is not set
# CONFIG_RFKILL_REGULATOR is not set
CONFIG_DRM_TILCDC=m
CONFIG_OF_DISPLAY_TIMING=y
CONFIG_OF_VIDEOMODE=y
CONFIG_XZ_DEC_ARM=y

View File

@ -2565,6 +2565,7 @@ CONFIG_DRM_CIRRUS_QEMU=m # do not enable on f17 or older
# CONFIG_DRM_R128 is not set
CONFIG_DRM_RADEON=m
CONFIG_DRM_RADEON_KMS=y
# CONFIG_DRM_RADEON_UMS is not set
# CONFIG_DRM_I810 is not set
# CONFIG_DRM_MGA is not set
CONFIG_DRM_MGAG200=m # do not enable on f17 or older
@ -2581,6 +2582,7 @@ CONFIG_DRM_NOUVEAU_DEBUG=y
# CONFIG_DRM_PSB is not set
CONFIG_DRM_I2C_CH7006=m
CONFIG_DRM_I2C_SIL164=m
CONFIG_DRM_I2C_NXP_TDA998X=m
CONFIG_DRM_UDL=m
CONFIG_DRM_VMWGFX=m
CONFIG_DRM_VMWGFX_FBCON=y
@ -4020,6 +4022,7 @@ CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_CTR=y
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_DEFLATE=m

View File

@ -381,6 +381,9 @@ CONFIG_RCU_FANOUT_LEAF=16
# CONFIG_RTC_DRV_SNVS is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
# CONFIG_OF_DISPLAY_TIMING is not set
# CONFIG_OF_VIDEOMODE is not set
CONFIG_POWER_RESET_GPIO=y
CONFIG_FB_SSD1307=m
CONFIG_INPUT_PWM_BEEPER=m

View File

@ -228,3 +228,5 @@ CONFIG_BACKLIGHT_PWM=m
# CONFIG_GPIO_ADNP is not set
# CONFIG_BACKLIGHT_OT200 is not set
# CONFIG_RTC_DRV_SNVS is not set
# CONFIG_OF_DISPLAY_TIMING is not set
# CONFIG_OF_VIDEOMODE is not set

View File

@ -396,6 +396,7 @@ CONFIG_PCH_PHUB=m
CONFIG_CRYPTO_AES_NI_INTEL=y
CONFIG_CRYPTO_SERPENT_SSE2_586=m
CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_HP_ACCEL=m
@ -441,6 +442,7 @@ CONFIG_MPILIB=y
CONFIG_PKCS7_MESSAGE_PARSER=y
CONFIG_PE_FILE_PARSER=y
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
# CONFIG_MODULE_SIG_SHA1 is not set
CONFIG_MODULE_SIG_SHA256=y
# CONFIG_MODULE_SIG_FORCE is not set

View File

@ -1,4 +1,4 @@
From 5505011f0dea1c6ea1845f26f717c902e7ceeca8 Mon Sep 17 00:00:00 2001
From d8cfe24ede3c3d8ce48d9c8ea791984777d783fc Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 18 Jan 2013 13:53:35 +0000
Subject: [PATCH 01/47] KEYS: Load *.x509 files into kernel keyring
@ -15,7 +15,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/kernel/Makefile b/kernel/Makefile
index 6c072b6..bdabd1d 100644
index eceac38..2c83d21 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -134,17 +134,40 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
@ -81,7 +81,7 @@ index 246b4c6..0a60203 100644
1.8.1.2
From 0dd4f2579d10371b51c29a97a152679f47799b7b Mon Sep 17 00:00:00 2001
From 45078a904bc6488f2e3a69b71213950e0ff04db0 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 18:39:54 +0000
Subject: [PATCH 02/47] KEYS: Separate the kernel signature checking keyring
@ -138,10 +138,10 @@ index 0000000..8dabc39
+
+#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 335a1f6..235b340 100644
index 0a5e80f..053072f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1566,6 +1566,18 @@ config BASE_SMALL
@@ -1567,6 +1567,18 @@ config BASE_SMALL
default 0 if BASE_FULL
default 1 if !BASE_FULL
@ -160,7 +160,7 @@ index 335a1f6..235b340 100644
menuconfig MODULES
bool "Enable loadable module support"
help
@@ -1638,6 +1650,7 @@ config MODULE_SRCVERSION_ALL
@@ -1639,6 +1651,7 @@ config MODULE_SRCVERSION_ALL
config MODULE_SIG
bool "Module signature verification"
depends on MODULES
@ -169,7 +169,7 @@ index 335a1f6..235b340 100644
select CRYPTO
select ASYMMETRIC_KEY_TYPE
diff --git a/kernel/Makefile b/kernel/Makefile
index bdabd1d..0ca8c0a 100644
index 2c83d21..454ce54 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -53,8 +53,9 @@ obj-$(CONFIG_SMP) += spinlock.o
@ -526,7 +526,7 @@ index 0000000..a3ca76f
1.8.1.2
From 690abd8eab5d8a819f6176a5c2854eb9065e6b0e Mon Sep 17 00:00:00 2001
From cde17a931bb2f8631cfd6576f07f77857a383248 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Thu, 17 Jan 2013 16:25:00 +0000
Subject: [PATCH 03/47] KEYS: Add a 'trusted' flag and a 'trusted only' flag
@ -655,7 +655,7 @@ index 6ece7f2..f18d7ff 100644
1.8.1.2
From fad2afa83a374279fd87de99e2c6c095ff5805d7 Mon Sep 17 00:00:00 2001
From 2e5ee12060b914772094d038b7bd9c2e486d339f Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:32 +0000
Subject: [PATCH 04/47] KEYS: Rename public key parameter name arrays
@ -810,7 +810,7 @@ index 0034e36..0b6b870 100644
1.8.1.2
From e4cc5a26c7234e392cb728192c5b170e34b66482 Mon Sep 17 00:00:00 2001
From d823c31e932ecd1e1c24435b447b35bbe9e3ee9d Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:33 +0000
Subject: [PATCH 05/47] KEYS: Move the algorithm pointer array from x509 to
@ -892,7 +892,7 @@ index 619d570..46bde25 100644
1.8.1.2
From a8c43547bf756aa0f9298eb6b2434bec396fdc5f Mon Sep 17 00:00:00 2001
From cd2153b3e5b694e88fe4a136b9bae70c16b72fd0 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:33 +0000
Subject: [PATCH 06/47] KEYS: Store public key algo ID in public_key struct
@ -977,7 +977,7 @@ index 46bde25..05778df 100644
1.8.1.2
From 1734b7a677e734f8cc5a48f7d603a8459c6f07b3 Mon Sep 17 00:00:00 2001
From 120a94c9b259d1d19ab64c82737121dcc23e50ea Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:34 +0000
Subject: [PATCH 07/47] KEYS: Split public_key_verify_signature() and make
@ -1093,7 +1093,7 @@ index fac574c..8cb2f70 100644
1.8.1.2
From e670c6092566a8ae4cc84f69de731ece54b8e6fe Mon Sep 17 00:00:00 2001
From 2fc59e9f40053886e23c7bbed0841676472d0641 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:35 +0000
Subject: [PATCH 08/47] KEYS: Store public key algo ID in public_key_signature
@ -1126,7 +1126,7 @@ index 05778df..b34fda4 100644
1.8.1.2
From b5fadfd9bfd78d8673d441ce4705ebceb7a50ff6 Mon Sep 17 00:00:00 2001
From 8de67c627dbfc895797320c82a3ebf87f5b8d446 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:35 +0000
Subject: [PATCH 09/47] X.509: struct x509_certificate needs struct tm
@ -1158,7 +1158,7 @@ index e583ad0..2d01182 100644
1.8.1.2
From 443b99be01cbec691c167070e06fc50daae6fae0 Mon Sep 17 00:00:00 2001
From 074c5a12ea0152b2a3331174ad02f3ccc8ac9915 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:35 +0000
Subject: [PATCH 10/47] X.509: Add bits needed for PKCS#7
@ -1256,7 +1256,7 @@ index 2d01182..a6ce46f 100644
1.8.1.2
From 68b672c38edc579d748011074d8483e60761bbd4 Mon Sep 17 00:00:00 2001
From 539f6dc3de1679495b7ce4f252e815d8373ffcef Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:36 +0000
Subject: [PATCH 11/47] X.509: Embed public_key_signature struct and create
@ -1524,7 +1524,7 @@ index 8cb2f70..b7c81d8 100644
1.8.1.2
From 6d48ecc0c731559306d1954477a6f0fc4f1be6d9 Mon Sep 17 00:00:00 2001
From 760bd4c7f0be3da4191b737a480af92df125431e Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:36 +0000
Subject: [PATCH 12/47] X.509: Check the algorithm IDs obtained from parsing an
@ -1565,7 +1565,7 @@ index b7c81d8..eb368d4 100644
1.8.1.2
From f390f6cc3ad33dd08c9f89b10d78fa37168541bd Mon Sep 17 00:00:00 2001
From 5f7f7268ce26dfdd754f9bcb081c380b5409b072 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:37 +0000
Subject: [PATCH 13/47] X.509: Handle certificates that lack an
@ -1612,7 +1612,7 @@ index eb368d4..0f55e3b 100644
1.8.1.2
From 42c489d47a83cd4639d961b0bb4fb0fbda786e18 Mon Sep 17 00:00:00 2001
From e2d27f7dd12e2368b03a2007b435c5ae35020218 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:37 +0000
Subject: [PATCH 14/47] X.509: Export certificate parse and free functions
@ -1658,7 +1658,7 @@ index 931f069..9cf0e16 100644
1.8.1.2
From d7483c12fe9f5dbe9925fdfd9cb3eef6ea6b11a0 Mon Sep 17 00:00:00 2001
From b6c2806dcc10f6377cafcde2b74d49419266fba8 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:38 +0000
Subject: [PATCH 15/47] PKCS#7: Implement a parser [RFC 2315]
@ -2271,7 +2271,7 @@ index 6926db7..edeff85 100644
1.8.1.2
From 4eed0acf5f18e017dc5f1ef0e2e97c46ec7ecd9f Mon Sep 17 00:00:00 2001
From 0aa7a27b37790e737bbd80f61ccc12184baed13c Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:38 +0000
Subject: [PATCH 16/47] PKCS#7: Digest the data in a signed-data message
@ -2445,7 +2445,7 @@ index 0000000..2f9f26c
1.8.1.2
From 972d45348be27a3bb79329444ba8721ad8ec58b1 Mon Sep 17 00:00:00 2001
From e84f2d2018594d3b5c4ecbe45e29ca7eb0b50909 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:39 +0000
Subject: [PATCH 17/47] PKCS#7: Find the right key in the PKCS#7 key list and
@ -2544,7 +2544,7 @@ index 2f9f26c..3f6f0e2 100644
1.8.1.2
From dc104f5714dc4ae16433bb190f6e76e1e089d5cb Mon Sep 17 00:00:00 2001
From d64d4625334797a96891b93cffb0899f3dd6218d Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:39 +0000
Subject: [PATCH 18/47] PKCS#7: Verify internal certificate chain
@ -2660,7 +2660,7 @@ index 6b1d877..5e35fba 100644
1.8.1.2
From d4865c3eaf6027f6ae88420061c4ccce8ab8f673 Mon Sep 17 00:00:00 2001
From 051964867e90089bcd643cce929e1a6494abe20b Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:42 +0000
Subject: [PATCH 19/47] PKCS#7: Find intersection between PKCS#7 message and
@ -2867,7 +2867,7 @@ index 0000000..cc226f5
1.8.1.2
From 93f38d7b1b4c69f1494b7355f177772f7a6f7f8d Mon Sep 17 00:00:00 2001
From 7cbe9a52ec426f2d1e2bdaefda34a16987114a98 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:39 +0000
Subject: [PATCH 20/47] Provide PE binary definitions
@ -3340,7 +3340,7 @@ index 0000000..9234aef
1.8.1.2
From 4a1c57d1ab27249c332745bd8ae6f9090320ae21 Mon Sep 17 00:00:00 2001
From 63bfd5e0dbf914df3e39011ea0bc0e3fa056420b Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:40 +0000
Subject: [PATCH 21/47] pefile: Parse a PE binary to find a key and a signature
@ -3634,7 +3634,7 @@ index 0000000..82bcaf6
1.8.1.2
From ecd81cc1f7c7fd29f927542e58f48dfc9546d1fb Mon Sep 17 00:00:00 2001
From 82101ad57553b695c00e1b1c686d61ae4be27ab2 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:40 +0000
Subject: [PATCH 22/47] pefile: Strip the wrapper off of the cert data block
@ -3738,7 +3738,7 @@ index fb80cf0..f2d4df0 100644
1.8.1.2
From 2d63f78e1c630bea430c00a3a3ab53b040aa1133 Mon Sep 17 00:00:00 2001
From 1e9df8e0c3ac669a43ca856f15e377f3ac671ae0 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:40 +0000
Subject: [PATCH 23/47] pefile: Parse the presumed PKCS#7 content of the
@ -3792,7 +3792,7 @@ index f2d4df0..056500f 100644
1.8.1.2
From 786f781635b3717130680dd74d659fb7d859bf43 Mon Sep 17 00:00:00 2001
From 99df31e182eafe3473eec9805d08847411527c79 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:41 +0000
Subject: [PATCH 24/47] pefile: Parse the "Microsoft individual code signing"
@ -4035,7 +4035,7 @@ index edeff85..332dcf5 100644
1.8.1.2
From 51489aeb58b0eae9dc9777b7fcd5f2b0f359fb18 Mon Sep 17 00:00:00 2001
From dcebe53a75f108c10ac0c429d2b63f3f1f02c109 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:41 +0000
Subject: [PATCH 25/47] pefile: Digest the PE binary and compare to the PKCS#7
@ -4271,7 +4271,7 @@ index f1c8cc1..dfdb85e 100644
1.8.1.2
From 330d4bfa5c8c35132f96f82611a7b67cd357c2b4 Mon Sep 17 00:00:00 2001
From 3aa52815d5d27045e66b9a3970ff2af8b707bfa6 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 18 Jan 2013 13:58:35 +0000
Subject: [PATCH 26/47] PEFILE: Validate PKCS#7 trust chain
@ -4323,7 +4323,7 @@ index dfdb85e..edad948 100644
1.8.1.2
From 83e1d7749d539fd08cf90a7130d1f2e6894b1e9e Mon Sep 17 00:00:00 2001
From 125d3794df049a715905529e05b6400db1309ec5 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 15 Jan 2013 15:33:42 +0000
Subject: [PATCH 27/47] PEFILE: Load the contained key if we consider the
@ -4414,7 +4414,7 @@ index 0f55e3b..c3e5a6d 100644
1.8.1.2
From 9332a041cd9ac613e5ee3084277f2e8c8b86f2b0 Mon Sep 17 00:00:00 2001
From f8089a0ae1983d8a079510126d7f21bd01d3a971 Mon Sep 17 00:00:00 2001
From: Chun-Yi Lee <joeyli.kernel@gmail.com>
Date: Thu, 21 Feb 2013 19:23:49 +0800
Subject: [PATCH 28/47] MODSIGN: Fix including certificate twice when the
@ -4450,7 +4450,7 @@ Signed-off-by: David Howells <dhowells@redhat.com>
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/Makefile b/kernel/Makefile
index 0ca8c0a..ecbe73f 100644
index 454ce54..9824a86 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
@ -4469,7 +4469,7 @@ index 0ca8c0a..ecbe73f 100644
1.8.1.2
From 5bb88a55fb473ec01407a97dfab6876f6e06fbae Mon Sep 17 00:00:00 2001
From 26909a21e7274b6d9e04374e2a11e4fbc07713f3 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:40:56 -0400
Subject: [PATCH 29/47] Secure boot: Add new capability
@ -4506,7 +4506,7 @@ index ba478fa..7109e65 100644
1.8.1.2
From 13a2c2fd41d7058818b62adcef44bf45cdb63c33 Mon Sep 17 00:00:00 2001
From ea9b455fe0e2c2f133ab26e24cc3c1e83fd2a0e4 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Thu, 20 Sep 2012 10:41:05 -0400
Subject: [PATCH 30/47] SELinux: define mapping for new Secure Boot capability
@ -4539,7 +4539,7 @@ index 14d04e6..ed99a2d 100644
1.8.1.2
From 54dde4c34a33b2d26b7301c4d516110d4169025e Mon Sep 17 00:00:00 2001
From f945b0d4c7653109a2cca48de11faa8c44e4c503 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Thu, 20 Sep 2012 10:41:02 -0400
Subject: [PATCH 31/47] Secure boot: Add a dummy kernel parameter that will
@ -4556,10 +4556,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
2 files changed, 24 insertions(+)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 4c5b3f9..fff3306 100644
index 1da9465..6152011 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2650,6 +2650,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -2710,6 +2710,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
Note: increases power consumption, thus should only be
enabled if running jitter sensitive (HPC/RT) workloads.
@ -4605,7 +4605,7 @@ index e0573a4..c3f4e3e 100644
1.8.1.2
From 9adb0274e08a3b79b38fd4947f044fba7f9f65f5 Mon Sep 17 00:00:00 2001
From eb90b28185e0a14b4d585713078229f1416fbf0c Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:41:03 -0400
Subject: [PATCH 32/47] efi: Enable secure boot lockdown automatically when
@ -4705,10 +4705,10 @@ index c15ddaf..85d7685 100644
* The sentinel is set to a nonzero value (0xff) in header.S.
*
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 8b24289..d74b441 100644
index 9c857f0..72c67cf 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1042,6 +1042,13 @@ void __init setup_arch(char **cmdline_p)
@@ -1107,6 +1107,13 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
@ -4751,7 +4751,7 @@ index 9bf2f1f..1bf382b 100644
1.8.1.2
From 76b1da1888fe494ee403d7bd3615d3559577c03d Mon Sep 17 00:00:00 2001
From 32e9fbbf1bc41283c3af2ed24044edff8fcf1c69 Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:30:54 -0400
Subject: [PATCH 33/47] Add EFI signature data types
@ -4806,7 +4806,7 @@ index 1bf382b..8902faf 100644
1.8.1.2
From d9cffc8d14cc626121aa6c39c62bc3a0ed5b7adf Mon Sep 17 00:00:00 2001
From a040224f153348fa8df70f6c2cefd107d5ea004f Mon Sep 17 00:00:00 2001
From: Dave Howells <dhowells@redhat.com>
Date: Tue, 23 Oct 2012 09:36:28 -0400
Subject: [PATCH 34/47] Add an EFI signature blob parser and key loader.
@ -4986,7 +4986,7 @@ index 8902faf..ff3c599 100644
1.8.1.2
From 500ddf1d7e0c4f91eb5b8d276e890c68a5e28947 Mon Sep 17 00:00:00 2001
From e096ebf28fdc1a96055a1e2a8b3a194c64560e77 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Fri, 26 Oct 2012 12:36:24 -0400
Subject: [PATCH 35/47] KEYS: Add a system blacklist keyring
@ -5020,10 +5020,10 @@ index 8dabc39..e466de1 100644
#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/init/Kconfig b/init/Kconfig
index 235b340..cecda2c 100644
index 053072f..e82c950 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1578,6 +1578,15 @@ config SYSTEM_TRUSTED_KEYRING
@@ -1579,6 +1579,15 @@ config SYSTEM_TRUSTED_KEYRING
Keys in this keyring are used by module signature checking.
@ -5101,7 +5101,7 @@ index dae8778..2913c70 100644
1.8.1.2
From 9b4dfeb07f9c166ce8966c6b0d388ef28de30b60 Mon Sep 17 00:00:00 2001
From 8ae4ff8d17e43538f4b5aca9758c461dbd4e26f3 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Fri, 26 Oct 2012 12:42:16 -0400
Subject: [PATCH 36/47] MODSIGN: Import certificates from UEFI Secure Boot
@ -5146,12 +5146,12 @@ index ff3c599..8400949 100644
efi_guid_t guid;
u64 table;
diff --git a/init/Kconfig b/init/Kconfig
index cecda2c..7c7ee99 100644
index e82c950..e15c960 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1685,6 +1685,15 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
@@ -1697,6 +1697,15 @@ config MODULE_SIG_ALL
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
@ -5166,7 +5166,7 @@ index cecda2c..7c7ee99 100644
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
diff --git a/kernel/Makefile b/kernel/Makefile
index ecbe73f..396a4f8 100644
index 9824a86..ac803d0 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -56,6 +56,7 @@ obj-$(CONFIG_UID16) += uid16.o
@ -5287,7 +5287,7 @@ index 0000000..df831ff
1.8.1.2
From 128a3c36c23ab51d3a8f5ed6965f55d5630ff96a Mon Sep 17 00:00:00 2001
From a7aa88c97e85e0a9fdd95b1a0ba3605b36f4313a Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:40:57 -0400
Subject: [PATCH 37/47] PCI: Lock down BAR access in secure boot environments
@ -5388,7 +5388,7 @@ index e1c1ec5..97e785f 100644
1.8.1.2
From 07b62d73214830c5600a0a452ea093042cfde30d Mon Sep 17 00:00:00 2001
From 3ab26acbd1042405f65bf72f44c857511d953b83 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:40:58 -0400
Subject: [PATCH 38/47] x86: Lock down IO port access in secure boot
@ -5406,7 +5406,7 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 8c96897..a2578c4 100644
index 4ddaf66..f505995 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -28,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
@ -5418,7 +5418,7 @@ index 8c96897..a2578c4 100644
return -EPERM;
/*
@@ -102,7 +102,7 @@ long sys_iopl(unsigned int level, struct pt_regs *regs)
@@ -103,7 +103,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
return -EINVAL;
/* Trying to gain more privileges? */
if (level > old) {
@ -5445,7 +5445,7 @@ index 6f6e92a..9362b9b 100644
1.8.1.2
From 965aaf55d5bdb62d92a0246b949e5a4afbfd134d Mon Sep 17 00:00:00 2001
From c05363da5dfcc35d9717c2cd6cc47690f92e9cdc Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:40:59 -0400
Subject: [PATCH 39/47] ACPI: Limit access to custom_method
@ -5460,7 +5460,7 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index 6adfc70..1417a22 100644
index 12b62f2..edf0710 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
@ -5477,7 +5477,7 @@ index 6adfc70..1417a22 100644
1.8.1.2
From c0bb54849fae77c086078ad1f39dc48bca628b0b Mon Sep 17 00:00:00 2001
From 47f48642c2e767b8f1219a6692a90262e2dfaee6 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:41:00 -0400
Subject: [PATCH 40/47] asus-wmi: Restrict debugfs interface
@ -5530,7 +5530,7 @@ index f80ae4d..059195f 100644
1.8.1.2
From 493d0f3a67e8cd023259dffcc685ff1ceabda25e Mon Sep 17 00:00:00 2001
From a18dec77f42e30d986a29f51d2f0933d2c30b9c3 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Thu, 20 Sep 2012 10:41:01 -0400
Subject: [PATCH 41/47] Restrict /dev/mem and /dev/kmem in secure boot setups
@ -5571,7 +5571,7 @@ index 9362b9b..3c55828 100644
1.8.1.2
From c46f2e27aa0d8074060833d82e5a265ebd0226cd Mon Sep 17 00:00:00 2001
From b03691364e9bee51a92a32887bdb783a8210364c Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Thu, 20 Sep 2012 10:41:04 -0400
Subject: [PATCH 42/47] acpi: Ignore acpi_rsdp kernel parameter in a secure
@ -5590,10 +5590,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 908b02d..3b03454 100644
index 586e7e9..8950454 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -246,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
@@ -245,7 +245,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
acpi_physical_address __init acpi_os_get_root_pointer(void)
{
#ifdef CONFIG_KEXEC
@ -5606,7 +5606,7 @@ index 908b02d..3b03454 100644
1.8.1.2
From 4aec57a891eadb044fcb7327a094b1bdd5500ee0 Mon Sep 17 00:00:00 2001
From febf4b93d82db4e575014ff518f500ae988ef2aa Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Tue, 4 Sep 2012 11:55:13 -0400
Subject: [PATCH 43/47] kexec: Disable in a secure boot environment
@ -5622,10 +5622,10 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 5e4bd78..dd464e0 100644
index 2436ffc..a78e71a 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -943,7 +943,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
@@ -949,7 +949,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
int result;
/* We only trust the superuser with rebooting the system. */
@ -5638,7 +5638,7 @@ index 5e4bd78..dd464e0 100644
1.8.1.2
From 7ee9a84db6c2b7e0a759599fc130d2230656980c Mon Sep 17 00:00:00 2001
From 99a767e78759ad32c78e79690f6aabd72caf5969 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Fri, 5 Oct 2012 10:12:48 -0400
Subject: [PATCH 44/47] MODSIGN: Always enforce module signing in a Secure Boot
@ -5681,7 +5681,7 @@ index c3f4e3e..c5554e0 100644
/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
diff --git a/kernel/module.c b/kernel/module.c
index eab0827..93a16dc 100644
index 921bed4..2ee8a7c 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -109,9 +109,9 @@ struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
@ -5700,7 +5700,7 @@ index eab0827..93a16dc 100644
1.8.1.2
From 391610a167485543c827c90d3cf0eb7c1a1d2471 Mon Sep 17 00:00:00 2001
From 9a3364262073f8ae3f00a4bad626823811fedffa Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Fri, 26 Oct 2012 14:02:09 -0400
Subject: [PATCH 45/47] hibernate: Disable in a Secure Boot environment
@ -5814,7 +5814,7 @@ index 4ed81e7..b11a0f4 100644
1.8.1.2
From f18f493a03b58fe3aa068205a1555d43198ecb7e Mon Sep 17 00:00:00 2001
From 74bfbcb7c06c502b536d0d0e2eab3f4423452e11 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@redhat.com>
Date: Tue, 5 Feb 2013 19:25:05 -0500
Subject: [PATCH 46/47] efi: Disable secure boot if shim is in insecure mode
@ -5873,7 +5873,7 @@ index 96bd86b..6e1331c 100644
1.8.1.2
From 5b9d42c881280380819f461639842ecf933e7c82 Mon Sep 17 00:00:00 2001
From f472a81527c0f2efbb8f2ad9c799b3fd13a79806 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Fri, 8 Feb 2013 11:12:13 -0800
Subject: [PATCH 47/47] x86: Lock down MSR writing in secure boot

View File

@ -1,8 +1,8 @@
diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
index 296cfc2..516e1e2 100644
index f61cb79..64a24c0 100644
--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
@@ -350,7 +350,7 @@ intel_dp_check_edp(struct intel_dp *intel_dp)
@@ -315,7 +315,7 @@ intel_dp_check_edp(struct intel_dp *intel_dp)
if (!is_edp(intel_dp))
return;
if (!ironlake_edp_have_panel_power(intel_dp) && !ironlake_edp_have_panel_vdd(intel_dp)) {
@ -11,16 +11,16 @@ index 296cfc2..516e1e2 100644
DRM_DEBUG_KMS("Status 0x%08x Control 0x%08x\n",
I915_READ(PCH_PP_STATUS),
I915_READ(PCH_PP_CONTROL));
@@ -400,7 +400,7 @@ intel_dp_aux_ch(struct intel_dp *intel_dp,
@@ -446,7 +446,7 @@ intel_dp_aux_ch(struct intel_dp *intel_dp,
}
if (try == 3) {
- WARN(1, "dp_aux_ch not started status 0x%08x\n",
+ DRM_ERROR("dp_aux_ch not started status 0x%08x\n",
I915_READ(ch_ctl));
return -EBUSY;
}
@@ -1024,8 +1024,8 @@ static void ironlake_edp_panel_vdd_on(struct intel_dp *intel_dp)
ret = -EBUSY;
goto out;
@@ -1083,8 +1083,8 @@ void ironlake_edp_panel_vdd_on(struct intel_dp *intel_dp)
return;
DRM_DEBUG_KMS("Turn eDP VDD on\n");
@ -31,7 +31,7 @@ index 296cfc2..516e1e2 100644
intel_dp->want_panel_vdd = true;
@@ -1090,7 +1090,8 @@ static void ironlake_edp_panel_vdd_off(struct intel_dp *intel_dp, bool sync)
@@ -1151,7 +1151,8 @@ void ironlake_edp_panel_vdd_off(struct intel_dp *intel_dp, bool sync)
return;
DRM_DEBUG_KMS("Turn eDP VDD off %d\n", intel_dp->want_panel_vdd);
@ -41,7 +41,7 @@ index 296cfc2..516e1e2 100644
intel_dp->want_panel_vdd = false;
@@ -1160,7 +1161,8 @@ static void ironlake_edp_panel_off(struct intel_dp *intel_dp)
@@ -1221,7 +1222,8 @@ void ironlake_edp_panel_off(struct intel_dp *intel_dp)
DRM_DEBUG_KMS("Turn eDP power off\n");
@ -50,4 +50,4 @@ index 296cfc2..516e1e2 100644
+ DRM_ERROR("Need VDD to turn off panel\n");
pp = ironlake_get_pp_control(dev_priv);
pp &= ~(POWER_TARGET_ON | PANEL_POWER_RESET | EDP_BLC_ENABLE);
/* We need to switch off panel power _and_ force vdd, for otherwise some

View File

@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 2
%global baserelease 1
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -95,7 +95,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
%define gitrev 7
%define gitrev 8
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%endif
@ -667,7 +667,7 @@ Patch800: crash-driver.patch
# crypto/
# secure boot
Patch1000: devel-pekey-secure-boot-20130222.patch
Patch1000: devel-pekey-secure-boot-20130226.patch
# virt + ksm patches
@ -1377,7 +1377,7 @@ ApplyPatch crash-driver.patch
# crypto/
# secure boot
ApplyPatch devel-pekey-secure-boot-20130222.patch
ApplyPatch devel-pekey-secure-boot-20130226.patch
# Assorted Virt Fixes
@ -2302,9 +2302,14 @@ fi
# ||----w |
# || ||
%changelog
* Tue Feb 26 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc0.git8.1
- Linux v3.8-8664-gc41b381
* Tue Feb 26 2013 Kyle McMartin <kmcmarti@redhat.com>
- Add blk_queue_physical_block_size and register_netdevice to the symbols
used for initrd generation (synched from .el6)
- ipr.ko driven SAS VRAID cards found on x86_64 machines these days, and not
just on ppc64
* Tue Feb 26 2013 Josh Boyer <jwboyer@redhat.com>
- Fix vmalloc_fault oops during lazy MMU (rhbz 914737)
@ -2338,10 +2343,6 @@ fi
- Linux v3.8-523-gece8e0b
- Reenable debugging options.
* Wed Feb 20 2013 Kyle McMartin <kmcmarti@redhat.com>
- ipr.ko driven SAS VRAID cards found on x86_64 machines these days, and not
just on ppc64
* Tue Feb 19 2013 Josh Boyer <jwboyer@redhat.com> - 3.8.0-2
- Add pekey support from David Howells and rework secure-boot patchset on top
- Add support for Atheros 04ca:3004 bluetooth devices (rhbz 844750)

View File

@ -21,7 +21,7 @@ do
dir=`dirname $mod`
file=`basename $mod`
./scripts/sign-file ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
${dir}/${file}.signed
mv ${dir}/${file}.signed ${dir}/${file}
rm -f ${dir}/${file}.{sig,dig}

View File

@ -1,2 +1,2 @@
1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz
5b2c2e1fcafc546999a7e5152c960fd2 patch-3.8-git7.xz
29acfe6af02f3a5088435190e21455e5 patch-3.8-git8.xz

View File

@ -1,15 +1,15 @@
diff --git a/kernel/module.c b/kernel/module.c
index 04379f92..d26c9a3 100644
index 921bed4..382414e 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2653,6 +2653,10 @@ static int check_module_license_and_versions(struct module *mod)
@@ -2873,6 +2873,10 @@ static int check_module_license_and_versions(struct module *mod)
if (strcmp(mod->name, "ndiswrapper") == 0)
add_taint(TAINT_PROPRIETARY_MODULE);
add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE);
+ /* vbox is garbage. */
+ if (strcmp(mod->name, "vboxdrv") == 0)
+ add_taint(TAINT_CRAP);
+ add_taint(TAINT_CRAP, LOCKDEP_NOW_UNRELIABLE);
+
/* driverloader was caught wrongly pretending to be under GPL */
if (strcmp(mod->name, "driverloader") == 0)
add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
add_taint_module(mod, TAINT_PROPRIETARY_MODULE,