[linux] 01/02: Merge branch 'benh/secure-boot'

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Apr 5 13:04:19 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit 119c44d06df8681250c1b1a3285365d7273be657
Merge: 2499398 76de9f0
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Tue Apr 5 13:59:42 2016 +0100

    Merge branch 'benh/secure-boot'

 debian/bin/gencontrol.py                           |   1 +
 debian/certs/benh at debian.org.cert.pem              |  21 +++
 debian/changelog                                   |  10 +
 debian/config/alpha/defines                        |   2 +
 debian/config/armel/config.marvell                 |   1 +
 debian/config/armel/defines                        |   4 +
 debian/config/config                               |  16 +-
 debian/config/defines                              |   4 +
 debian/config/hppa/defines                         |   2 +
 debian/config/kernelarch-x86/config                |   1 +
 debian/config/m68k/defines                         |   2 +
 debian/config/mips/defines                         |   2 +
 debian/config/mips64/defines                       |   2 +
 debian/config/mips64el/defines                     |   2 +
 debian/config/mipsel/defines                       |   2 +
 debian/config/powerpcspe/defines                   |   2 +
 debian/config/ppc64/defines                        |   2 +
 debian/config/sh4/defines                          |   2 +
 debian/config/sparc64/defines                      |   2 +
 debian/copyright                                   |  37 ++--
 debian/lib/python/debian_linux/gencontrol.py       |   3 +-
 ...cripts-fix-x.509-pem-support-in-sign-file.patch |  37 ++++
 ...e-acpi-table-override-if-securelevel-is-s.patch |  64 +++++++
 ...e-apei-error-injection-if-securelevel-is-.patch |  45 +++++
 ...-acpi_rsdp-kernel-parameter-when-securele.patch |  36 ++++
 ...access-to-custom_method-if-securelevel-is.patch |  36 ++++
 .../add-bsd-style-securelevel-support.patch        | 208 +++++++++++++++++++++
 ...to-automatically-set-securelevel-when-in-.patch | 148 +++++++++++++++
 ...strict-debugfs-interface-when-securelevel.patch |  57 ++++++
 ...e-secure-boot-if-shim-is-in-insecure-mode.patch |  66 +++++++
 .../enable-cold-boot-attack-mitigation.patch       |  49 +++++
 ...ule-signatures-when-securelevel-is-greate.patch |  24 +++
 ...hibernate-disable-when-securelevel-is-set.patch |  36 ++++
 ...le-at-runtime-if-securelevel-has-been-set.patch |  36 ++++
 ...copy-secure_boot-flag-in-boot-params-acro.patch |  32 ++++
 ...wn-bar-access-when-securelevel-is-enabled.patch | 108 +++++++++++
 ...v-mem-and-dev-kmem-when-securelevel-is-se.patch |  38 ++++
 .../uswsusp-disable-when-securelevel-is-set.patch  |  36 ++++
 ...wn-io-port-access-when-securelevel-is-ena.patch |  74 ++++++++
 ...strict-msr-access-when-securelevel-is-set.patch |  46 +++++
 debian/patches/series                              |  21 +++
 debian/rules.d/scripts/Makefile                    |   5 +-
 debian/templates/control.source.in                 |   2 +-
 43 files changed, 1303 insertions(+), 21 deletions(-)

diff --cc debian/changelog
index f69110d,837d029..8f5b3dc
--- a/debian/changelog
+++ b/debian/changelog
@@@ -9,15 -8,17 +9,25 @@@ linux (4.5-1~exp2) UNRELEASED; urgency=
      write support
    * Merge linux-tools source package into linux
      (Closes: #550379, #573483, #816500)
+   * Add Matthew Garrett's securelevel patchset in preparation for Secure Boot
+     support (see Documentation/security/securelevel.txt)
+   * modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
+     as signatures will be packaged separately
+     - debian/control: Add build-dependencies on libssl-dev, openssl
+     - debian/copyright: Note that extract-cert and sign-file are under LGPL 2.1
+     - linux-kbuild: Add extract-cert and sign-file programs
+     - scripts: Fix X.509 PEM support in sign-file
+   * certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support
+     initial testing of signed modules
  
 +  [ Aurelien Jarno ]
 +  * [mipsel/mips/config.loongson-2f] Disable VIDEO_CX23885, VIDEO_IVTV,
 +    VIDEO_CX231XX, VIDEO_PVRUSB2 (fixes FTBFS).
 +  * [mips*/octeon] Backport OCTEON SATA controller support from 4.6-rc1.
 +    Enable AHCI_OCTEON and SATA_AHCI_PLATFORM.
 +  * [mips*/octeon] Backport Octeon III CN7xxx interface detection from
 +    4.7 queue.
 +
   -- Ben Hutchings <ben at decadent.org.uk>  Fri, 25 Mar 2016 13:43:57 +0000
  
  linux-tools (4.5-1~exp1) experimental; urgency=medium

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list