Add option to automatically set securelevel when in Secure Boot mode
author Matthew Garrett <mjg59@srcf.ucam.org>
Fri, 9 Aug 2013 22:36:30 +0000 (18:36 -0400)
committer Ben Hutchings <ben@decadent.org.uk>
Tue, 2 May 2017 15:21:44 +0000 (15:21 +0000)
commit 55b95e7ac8d2c6c1c301c7fbe8e70ac88004ec64
tree 5ec4d0c4230c53885cbddfd33c90b52a4468dffb
parent 0f5f818eea5aeec54773572be0ddcd0c7c678fd1
Add option to automatically set securelevel when in Secure Boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that the kernel prevent userspace from inserting untrusted kernel
code at runtime. Add a configuration option that enforces this automatically
when enabled.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name add-option-to-automatically-set-securelevel-when-in-.patch
Documentation/x86/zero-page.txt
arch/x86/Kconfig
arch/x86/boot/compressed/eboot.c
arch/x86/include/uapi/asm/bootparam.h
arch/x86/kernel/setup.c