[linux] 02/04: efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing EFI_SECURE_BOOT_LOCK_DOWN

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Dec 30 16:23:32 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit cb21ae6740199c92d7d4ac7206c644cbfe991a41
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sat Dec 30 16:04:43 2017 +0000

    efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing EFI_SECURE_BOOT_LOCK_DOWN
---
 debian/changelog                    | 2 ++
 debian/config/arm64/config          | 1 -
 debian/config/config                | 1 +
 debian/config/kernelarch-x86/config | 1 -
 4 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e426d9b..2f1188c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ linux (4.15~rc5-1~exp2) UNRELEASED; urgency=medium
 
   * [arm64] Update "add kernel config option to lock down when in Secure Boot
     mode" for 4.15
+  * efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing
+    EFI_SECURE_BOOT_LOCK_DOWN
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 30 Dec 2017 16:00:15 +0000
 
diff --git a/debian/config/arm64/config b/debian/config/arm64/config
index 8b09bf5..e7e0f56 100644
--- a/debian/config/arm64/config
+++ b/debian/config/arm64/config
@@ -23,7 +23,6 @@ CONFIG_ARM64_PMEM=y
 CONFIG_RANDOMIZE_BASE=y
 CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
 CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y
-CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
 CONFIG_COMPAT=y
 
 ##
diff --git a/debian/config/config b/debian/config/config
index 3b6e1ff..3e41c0a 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -7100,6 +7100,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_LOCK_DOWN_KERNEL=y
+CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
 ## choice: Default security module
 CONFIG_DEFAULT_SECURITY_APPARMOR=y
 ## end choice
diff --git a/debian/config/kernelarch-x86/config b/debian/config/kernelarch-x86/config
index 94215d3..a003e48 100644
--- a/debian/config/kernelarch-x86/config
+++ b/debian/config/kernelarch-x86/config
@@ -55,7 +55,6 @@ CONFIG_X86_SMAP=y
 CONFIG_X86_INTEL_MPX=y
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
-CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
 CONFIG_SECCOMP=y
 CONFIG_KEXEC=y
 CONFIG_CRASH_DUMP=y

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list