Refresh Secure Boot patchset

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Refresh Secure Boot patchset
From: Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
Date: Tue, 25 Oct 2016 13:24:01 -0400
Archived-at: <https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx/message/V3UT4J6H5STX2KW3LU23OSZKOAHWHDEU/>

The upstream 0-day bot found an issue with the existing patchset in the
rawhide kernel.  Everything builds fine as a whole, but if one were to
bisect the patches, a build would break because the shim GUID is used
in a patch before it is actually defined.

Fix this by inserting a patch in the series to explicitly define that
and the image security database GUIDs.  This posting is a refresh of the 
whole series, for completeness.

josh
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- Re: Refresh Secure Boot patchset
  - From: Laura Abbott
- [PATCH 20/20] Add sysrq option to disable secure boot mode
  - From: Josh Boyer
- [PATCH 19/20] MODSIGN: Support not importing certs from db
  - From: Josh Boyer
- [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
  - From: Josh Boyer
- [PATCH 17/20] KEYS: Add a system blacklist keyring
  - From: Josh Boyer
- [PATCH 16/20] Add an EFI signature blob parser and key loader.
  - From: Josh Boyer
- [PATCH 15/20] Add EFI signature data types
  - From: Josh Boyer
- [PATCH 14/20] hibernate: Disable in a signed modules environment
  - From: Josh Boyer
- [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
  - From: Josh Boyer
- [PATCH 12/20] efi: Disable secure boot if shim is in insecure mode
  - From: Josh Boyer
- [PATCH 11/20] efi: Add SHIM and image security database GUID definitions
  - From: Josh Boyer
- [PATCH 10/20] Add option to automatically enforce module signatures when in Secure Boot mode
  - From: Josh Boyer
- [PATCH 09/20] x86: Restrict MSR access when module loading is restricted
  - From: Josh Boyer
- [PATCH 08/20] kexec: Disable at runtime if the kernel enforces module loading restrictions
  - From: Josh Boyer
- [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted
  - From: Josh Boyer
- [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is restricted
  - From: Josh Boyer
- [PATCH 05/20] asus-wmi: Restrict debugfs interface when module loading is restricted
  - From: Josh Boyer
- [PATCH 04/20] ACPI: Limit access to custom_method
  - From: Josh Boyer
- [PATCH 03/20] x86: Lock down IO port access when module security is enabled
  - From: Josh Boyer
- [PATCH 02/20] PCI: Lock down BAR access when module security is enabled
  - From: Josh Boyer
- [PATCH 01/20] Add secure_modules() call
  - From: Josh Boyer

Prev by Date: [kernel-tests] 01/01: Fix path thinko in sysfs-perms error path
Next by Date: [PATCH 01/20] Add secure_modules() call
Previous by thread: [kernel-tests] 01/01: Fix path thinko in sysfs-perms error path
Next by thread: [PATCH 01/20] Add secure_modules() call
Index(es):
- Date
- Thread

[Index of Archives] [Fedora General Discussion] [Older Fedora Users Archive] [Fedora Advisory Board] [Fedora Security] [Fedora Devel Java] [Fedora Legacy] [Fedora Desktop] [ATA RAID] [Fedora Marketing] [Fedora Mentors] [Fedora Package Announce] [Fedora Package Review] [Fedora Music] [Fedora Packaging] [Centos] [Fedora SELinux] [Coolkey] [Yum Users] [Tux] [Yosemite News] [KDE Users] [Fedora Art] [Fedora Docs] [USB] [Asterisk PBX]