dgit.raspbian.org Git - linux.git/commit

author	Linn Crosetto <linn@hpe.com>
	Wed, 5 Apr 2017 16:40:31 +0000 (17:40 +0100)
committer	Ben Hutchings <ben@decadent.org.uk>
	Thu, 16 Nov 2017 21:04:10 +0000 (21:04 +0000)
commit	fa8ef7c24a94e305aa1a66813aa7896727bf65b3
tree	f8796814b24ee5a2c021c291d80dc83e8f40040b	tree \| snapshot
parent	272c3dea1496d9da89fd0b41f8ac8833c5e3b170	commit \| diff

acpi: Disable APEI error injection if the kernel is locked down

ACPI provides an error injection mechanism, EINJ, for debugging and testing
the ACPI Platform Error Interface (APEI) and other RAS features. If
supported by the firmware, ACPI specification 5.0 and later provide for a
way to specify a physical memory address to which to inject the error.

Injecting errors through EINJ can produce errors which to the platform are
indistinguishable from real hardware errors. This can have undesirable
side-effects, such as causing the platform to mark hardware as needing
replacement.

While it does not provide a method to load unauthenticated privileged code,
the effect of these errors may persist across reboots and affect trust in
the underlying hardware, so disable error injection through EINJ if
the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch