projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd66745) | patch
arm64: add kernel config option to set securelevel when in Secure Boot mode
authorLinn Crosetto <linn@hpe.com>
Tue, 30 Aug 2016 17:54:38 +0000 (11:54 -0600)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 30 Mar 2017 01:16:33 +0000 (01:16 +0000)
commitd5be45f14a03d7516abf33e3466783761fcda28c
tree7690d9a3945b194cdc43f13c72ef485916f9b7fbtree | snapshot
parentcd66745d453deb09d1fda8191fd07f2be64eef3acommit | diff
arm64: add kernel config option to set securelevel when in Secure Boot mode

Add a kernel configuration option to enable securelevel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name arm64-add-kernel-config-option-to-set-securelevel-wh.patch
arch/arm64/Kconfig diff | blob | history
drivers/firmware/efi/arm-init.c diff | blob | history
drivers/firmware/efi/efi.c diff | blob | history
drivers/firmware/efi/libstub/arm-stub.c diff | blob | history
drivers/firmware/efi/libstub/efistub.h diff | blob | history
drivers/firmware/efi/libstub/fdt.c diff | blob | history
include/linux/efi.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.