git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Seth Forshee <seth.forshee@canonical.com>
	Thu, 10 Oct 2019 15:57:25 +0000 (10:57 -0500)
committer	Paolo Pisati <paolo.pisati@canonical.com>
	Tue, 2 Nov 2021 07:24:55 +0000 (08:24 +0100)
commit	9ba951d4e74ffe72f5fa7809e9fef8b7d2c8b95b
tree	fec2c07ada1e1377fb8e53f4378d71775559cd82	tree
parent	c2952ca4385d47f37ca7b683fe8a3317e403fa78	commit \| diff

UBUNTU: SAUCE: (lockdown) arm64: Allow locking down the kernel under EFI secure boot

Add support to arm64 for the CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
option. When enabled the lockdown LSM will be enabled with
maximum confidentiality when booted under EFI secure boot.

Based on an earlier patch by Linn Crosetto.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[v2: ported to 5.7-rc1 and adapted to the new fdt parsing mechanism]
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
(cherry picked from commit fb9c9645d977e23e9b494ce008d31507d872ffef)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

drivers/firmware/efi/efi-init.c		diff \| blob \| blame \| history
drivers/firmware/efi/fdtparams.c		diff \| blob \| blame \| history
drivers/firmware/efi/libstub/fdt.c		diff \| blob \| blame \| history
include/linux/efi.h		diff \| blob \| blame \| history