projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c23d8ae) | patch
Add option to automatically set securelevel when in Secure Boot mode
authorMatthew Garrett <mjg59@srcf.ucam.org>
Fri, 9 Aug 2013 22:36:30 +0000 (18:36 -0400)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 12 Jan 2017 15:52:37 +0000 (15:52 +0000)
commite5d8c01ae90246ceff41e6904e6c7cf150761b98
treef7a480e2ffb877ee1393216a2a424f022ac9f933tree | snapshot
parentc23d8ae8660a53a5cb13761e3057eef5fd65ebb3commit | diff
Add option to automatically set securelevel when in Secure Boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that the kernel prevent userspace from inserting untrusted kernel
code at runtime. Add a configuration option that enforces this automatically
when enabled.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name add-option-to-automatically-set-securelevel-when-in-.patch
Documentation/x86/zero-page.txt diff | blob | history
arch/x86/Kconfig diff | blob | history
arch/x86/boot/compressed/eboot.c diff | blob | history
arch/x86/include/uapi/asm/bootparam.h diff | blob | history
arch/x86/kernel/setup.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.