projects / linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e08f3a8) | patch
arm64: add kernel config option to set securelevel when in Secure Boot mode
authorLinn Crosetto <linn@hpe.com>
Tue, 30 Aug 2016 17:54:38 +0000 (11:54 -0600)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 28 Sep 2017 17:27:56 +0000 (18:27 +0100)
commit29703e8676b137516312c331fa205a9fa8a43886
tree230c4d68d1ed4dd63a1af30bc9c58f0da132fb79tree | snapshot
parente08f3a85d3f6baa615bea8e02369c9612446bd18commit | diff
arm64: add kernel config option to set securelevel when in Secure Boot mode

Add a kernel configuration option to enable securelevel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name arm64-add-kernel-config-option-to-set-securelevel-wh.patch
arch/arm64/Kconfig diff | blob | history
drivers/firmware/efi/arm-init.c diff | blob | history
drivers/firmware/efi/efi.c diff | blob | history
drivers/firmware/efi/libstub/arm-stub.c diff | blob | history
drivers/firmware/efi/libstub/efistub.h diff | blob | history
drivers/firmware/efi/libstub/fdt.c diff | blob | history
include/linux/efi.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.