Trusty SRU - correct regression released with Ubuntu-3.13.0-92.139
Tim Gardner
tim.gardner at canonical.com
Tue Aug 23 15:56:01 UTC 2016
This patch set reverts all patches related to signed module enforcement
due to an arm64 boot regression. See attached pull request.
http://bugs.launchpad.net/bugs/1608854
rtg
--
Tim Gardner tim.gardner at canonical.com
-------------- next part --------------
The following changes since commit e019b941afbee1ac81ebef6131cb02a23ba3e577:
ipv6: add complete rcu protection around np->opt (2016-08-16 10:45:15 -0700)
are available in the git repository at:
git://kernel.ubuntu.com/rtg/ubuntu-trusty.git arm64-efi-lp1608854-revert
for you to fetch changes up to 2f43c430ffd83a3867edfa0340be459127f64289:
Revert "efi: Add separate 32-bit/64-bit definitions" (2016-08-23 08:37:37 -0600)
----------------------------------------------------------------
Tim Gardner (20):
Revert "UBUNTU: [Config] CONFIG_EFI=n for arm64"
Revert "UBUNTU: SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility"
Revert "UBUNTU: SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl"
Revert "UBUNTU: SAUCE: UEFI: Display MOKSBState when disabled"
Revert "UBUNTU: SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode"
Revert "UBUNTU: SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot"
Revert "UBUNTU: SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI"
Revert "UBUNTU: SAUCE: UEFI: Add option to automatically enforce module signatures when in Secure Boot mode"
Revert "UBUNTU: [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y"
Revert "UBUNTU: SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading restrictions"
Revert "UBUNTU: SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: ACPI: Limit access to custom_method"
Revert "UBUNTU: SAUCE: UEFI: x86: Lock down IO port access when module security is enabled"
Revert "UBUNTU: SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled"
Revert "UBUNTU: SAUCE: UEFI: Add secure_modules() call"
Revert "x86/efi: Build our own EFI services pointer table"
Revert "efi: Add separate 32-bit/64-bit definitions"
Documentation/x86/zero-page.txt | 2 -
arch/x86/Kconfig | 11 -
arch/x86/boot/compressed/eboot.c | 374 ++++++-------------------
arch/x86/boot/compressed/eboot.h | 60 ----
arch/x86/boot/compressed/head_32.S | 48 +---
arch/x86/boot/compressed/head_64.S | 57 +---
arch/x86/include/uapi/asm/bootparam.h | 3 +-
arch/x86/kernel/ioport.c | 5 +-
arch/x86/kernel/msr.c | 7 -
arch/x86/kernel/setup.c | 13 -
debian.master/config/amd64/config.common.amd64 | 1 -
debian.master/config/arm64/config.common.arm64 | 1 -
debian.master/config/config.common.ubuntu | 5 +-
debian.master/config/i386/config.common.i386 | 1 -
drivers/acpi/custom_method.c | 3 -
drivers/acpi/osl.c | 3 +-
drivers/char/mem.c | 10 -
drivers/firmware/efi/efi-stub-helper.c | 148 +++++++---
drivers/pci/pci-sysfs.c | 10 -
drivers/pci/proc.c | 8 +-
drivers/pci/syscall.c | 3 +-
drivers/platform/x86/asus-wmi.c | 9 -
include/linux/efi.h | 262 -----------------
include/linux/module.h | 13 -
init/Kconfig | 9 -
kernel/Makefile | 3 -
kernel/kexec.c | 3 +-
kernel/modsign_uefi.c | 92 ------
kernel/module.c | 17 --
kernel/sysctl.c | 31 --
30 files changed, 222 insertions(+), 990 deletions(-)
delete mode 100644 kernel/modsign_uefi.c
More information about the kernel-team
mailing list