Switch Secure Boot to lock down in integrity mode (rhbz 1815571)

Jeremy Cline 2020-03-20 17:56:53 -04:00
parent f6d71673bd
commit aca1c25ebf
2 changed files with 3 additions and 3 deletions

@ -303,7 +303,7 @@ index 1797623b0c3a..fa8ac411bf6e 100644
+
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
+ if (efi_enabled(EFI_SECURE_BOOT))
+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_CONFIDENTIALITY_MAX);
+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX);
+#endif
+
dmi_setup();
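
Review bot: the commit gives no rationale for lowering the level passed to security_lock_kernel_down() in the efi_enabled(EFI_SECURE_BOOT) branch from LOCKDOWN_CONFIDENTIALITY_MAX to LOCKDOWN_INTEGRITY_MAX; the subject cites only rhbz 1815571. Since this relaxes what every Secure Boot system built with CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT enforces by default, suggest a commit body that names the confidentiality-mode restriction that motivated the change, so the reasoning survives without access to the bug tracker.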

@ -3,7 +3,7 @@ From: Jeremy Cline <jcline@redhat.com>
Date: Wed, 30 Oct 2019 14:37:49 +0000
Subject: [PATCH] s390: Lock down the kernel when the IPL secure flag is set
Automatically lock down the kernel to LOCKDOWN_CONFIDENTIALITY_MAX if
Automatically lock down the kernel to LOCKDOWN_INTEGRITY_MAX if
the IPL secure flag is set.
Suggested-by: Philipp Rudo <prudo@redhat.com>
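
Review bot: the description of the carried s390 patch is edited in place to say LOCKDOWN_INTEGRITY_MAX, but its Date header still reads 30 Oct 2019 and nothing in it records that the level was changed later. Suggest adding a short note to this description, referencing rhbz 1815571, so a reader of the s390 patch alone can tell that it originally locked down to LOCKDOWN_CONFIDENTIALITY_MAX and why that was relaxed.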
@ -56,7 +56,7 @@ index 9cbf490fd162..0510ecdfc3f6 100644
log_component_list();
+ if (ipl_get_secureboot())
+ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_CONFIDENTIALITY_MAX);
+ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX);
+
/* Have one command line that is parsed and saved in /proc/cmdline */
/* boot_command_line has been already set up in early.c */
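
Review bot: the ipl_get_secureboot() branch calls security_lock_kernel_down("Secure IPL mode", ...) with no Kconfig guard, whereas the x86 call in the other file sits under #ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT. The switch to LOCKDOWN_INTEGRITY_MAX therefore applies to every s390 secure IPL boot regardless of configuration. Please confirm that is intended, and say so in the patch description or align the two paths under the same option.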