git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	David Howells <dhowells@redhat.com>
	Thu, 19 Oct 2017 13:05:02 +0000 (14:05 +0100)
committer	Seth Forshee <seth.forshee@canonical.com>
	Mon, 29 Jan 2018 13:45:03 +0000 (07:45 -0600)
commit	f80de0c35cc77cc0e46d9c3c4a16095a096b6ada
tree	480625796de53bf9822e1a5dd5b1de4624527f7f	tree
parent	f371f81a5d691b1ca6ab4386a780bd719ba162b3	commit \| diff

UBUNTU: SAUCE: (efi-lockdown) efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that to lock down the kernel - which includes requiring validly signed
modules - if the kernel is secure-booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
(cherry picked from commit 38fe03c2891718e53db9d51f414fef96055dacad
git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

arch/x86/kernel/setup.c		diff \| blob \| blame \| history
security/Kconfig		diff \| blob \| blame \| history
security/lock_down.c		diff \| blob \| blame \| history