git.proxmox.com Git - mirror_ubuntu-impish-kernel.git/commit

author	Seth Forshee <seth.forshee@canonical.com>
	Thu, 10 Oct 2019 15:57:25 +0000 (10:57 -0500)
committer	Andrea Righi <andrea.righi@canonical.com>
	Mon, 28 Jun 2021 06:03:58 +0000 (08:03 +0200)
commit	3b8ac71dc076481648ca8b182fa4c6fb48f238f0
tree	0f7f38bc321585e13c52a93f01ed66aa96740048	tree
parent	fb4aff6d4ed3eb3f8840ad37eaca12c1151b6d62	commit \| diff

UBUNTU: SAUCE: (lockdown) arm64: Allow locking down the kernel under EFI secure boot

Add support to arm64 for the CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
option. When enabled the lockdown LSM will be enabled with
maximum confidentiality when booted under EFI secure boot.

Based on an earlier patch by Linn Crosetto.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[v2: ported to 5.7-rc1 and adapted to the new fdt parsing mechanism]
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit fb9c9645d977e23e9b494ce008d31507d872ffef)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

drivers/firmware/efi/efi-init.c		diff \| blob \| blame \| history
drivers/firmware/efi/fdtparams.c		diff \| blob \| blame \| history
drivers/firmware/efi/libstub/fdt.c		diff \| blob \| blame \| history
include/linux/efi.h		diff \| blob \| blame \| history