projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d9795f) | patch
arm64: add kernel config option to set securelevel when in Secure Boot mode
authorLinn Crosetto <linn@hpe.com>
Tue, 30 Aug 2016 17:54:38 +0000 (11:54 -0600)
committerBen Hutchings <ben@decadent.org.uk>
Sun, 4 Jun 2017 02:03:01 +0000 (02:03 +0000)
commit263e4699dfb96c3f96a065bff135047c66b40567
tree99ac4ef303163d0c8601771344fd3ed72a3eafc1tree | snapshot
parent5d9795f376dc3b7e6ecf55721bc0de4c0be94b19commit | diff
arm64: add kernel config option to set securelevel when in Secure Boot mode

Add a kernel configuration option to enable securelevel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name arm64-add-kernel-config-option-to-set-securelevel-wh.patch
arch/arm64/Kconfig diff | blob | history
drivers/firmware/efi/arm-init.c diff | blob | history
drivers/firmware/efi/efi.c diff | blob | history
drivers/firmware/efi/libstub/arm-stub.c diff | blob | history
drivers/firmware/efi/libstub/efistub.h diff | blob | history
drivers/firmware/efi/libstub/fdt.c diff | blob | history
include/linux/efi.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.