dgit.raspbian.org Git - linux.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 8 Nov 2017 15:11:37 +0000 (15:11 +0000)
committer	Bastian Blank <waldi@debian.org>
	Sun, 16 Dec 2018 18:45:54 +0000 (18:45 +0000)
commit	e9419bf768dd548b8c9b8d675a25104cebd8b413
tree	ab905b7927ab7d54bcc6b8f011a8ad00b2b99751	tree \| snapshot
parent	3a0366ae050726a3346e695d24571aa6a834b9b6	commit \| diff

efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that to lock down the kernel - which includes requiring validly signed
modules - if the kernel is secure-booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch

arch/x86/kernel/setup.c		diff \| blob \| history
security/Kconfig		diff \| blob \| history
security/lock_down.c		diff \| blob \| history