OpenCloudOS-Kernel/arch
Dave Young fef5dad987 lockdown: Copy secure_boot flag in boot params across kexec reboot
Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load.  In this state, the system is missing the protections provided
by secure boot.

Adding a patch to fix this by retain the secure_boot flag in original
kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub.  Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
alpha treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
arc ARC fixes for 5.2-rc7 2019-06-29 17:05:58 +08:00
arm This set of patches fixes regressions introduced in v5.2 kernel when DA8xx 2019-07-02 15:13:20 -07:00
arm64 x86 bugfix patches and one compilation fix for ARM. 2019-07-05 19:13:24 -07:00
c6x treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
csky csky: Fixup libgcc unwind error 2019-06-26 13:45:48 +08:00
h8300 treewide: Add SPDX license identifier - Kbuild 2019-05-30 11:32:33 -07:00
hexagon treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 267 2019-06-05 17:30:29 +02:00
ia64 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
m68k treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
microblaze treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mips A few more MIPS fixes: 2019-07-06 10:32:12 -07:00
nds32 nds32 patches for 5.2-rc3 2019-06-03 10:23:41 -07:00
nios2 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234 2019-06-19 17:09:07 +02:00
openrisc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
parisc Merge branch 'parisc-5.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2019-06-25 05:52:31 +08:00
powerpc powerpc fixes for 5.2 #7 2019-06-30 11:20:52 +08:00
riscv riscv: mm: Fix code comment 2019-06-26 15:10:30 -07:00
s390 s390/ctl_reg: mark __ctl_set_bit and __ctl_clear_bit as __always_inline 2019-06-11 09:47:10 +02:00
sh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sparc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482 2019-06-19 17:09:52 +02:00
um treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
unicore32 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
x86 lockdown: Copy secure_boot flag in boot params across kexec reboot 2019-08-19 21:54:15 -07:00
xtensa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
.gitignore
Kconfig Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-16 11:00:20 -07:00