ACK: [PATCH 0/9][D] Lockdown updates

Stefan Bader stefan.bader at canonical.com
Fri Jun 19 12:58:14 UTC 2020 

On 19.06.20 01:14, Seth Forshee wrote:
> BugLink: https://bugs.launchpad.net/bugs/1884159
> 
> The following changes since commit e0ed87ef9ee974e776ba756b1e6cea9f373165d4:
> 
>   UBUNTU: Ubuntu-5.0.0-53.57 (2020-06-08 18:13:10 -0300)
> 
> are available in the Git repository at:
> 
>   git://git.launchpad.net/~sforshee/ubuntu/+source/linux/+git/disco lockdown-updates
> 
> for you to fetch changes up to 9f1a24f069a85e506e8e0cb35ec0c80ee8d553ad:
> 
>   UBUNTU: [Config] CONFIG_XMON_DEFAULT_RO_MODE=y (2020-06-16 16:48:08 -0500)
> 
> Thanks,
> Seth
> 
> ----------------------------------------------------------------
> Christopher M. Riedl (2):
>   powerpc/xmon: add read-only mode
>   powerpc/xmon: Restrict when kernel is locked down
> 
> Jason A. Donenfeld (1):
>   UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked
>     down
> 
> Javier Martinez Canillas (1):
>   efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
> 
> Jiri Bohac (2):
>   UBUNTU: SAUCE: (efi-lockdown) kexec_file: split KEXEC_VERIFY_SIG into
>     KEXEC_SIG and KEXEC_SIG_FORCE
>   UBUNTU: SAUCE: (efi-lockdown) kexec_file: Restrict at runtime if the
>     kernel is locked down
> 
> Matthew Garrett (1):
>   efi: Restrict efivar_ssdt_load when the kernel is locked down
> 
> Seth Forshee (2):
>   UBUNTU: [Config] Update kexec signature config options
>   UBUNTU: [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
> 
>  arch/powerpc/Kconfig.debug                |   8 ++
>  arch/powerpc/xmon/xmon.c                  | 132 ++++++++++++++++++----
>  arch/x86/Kconfig                          |  20 +++-
>  crypto/asymmetric_keys/verify_pefile.c    |   4 +-
>  debian.master/config/config.common.ubuntu |   3 +
>  drivers/acpi/acpi_configfs.c              |   4 +
>  drivers/firmware/efi/efi.c                |   5 +
>  drivers/firmware/efi/test/efi_test.c      |   7 ++
>  include/linux/kexec.h                     |   4 +-
>  kernel/kexec_file.c                       |  54 +++++++--
>  10 files changed, 205 insertions(+), 36 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200619/6d5364ae/attachment.sig>

More information about the kernel-team mailing list