[GIT PULL] EFI updates for v5.19

Hi Linus,

Please pull the changes below. Note the conflict in drivers/virt/Kconfig and
Makefile: this is due to CoCo changes arriving via different trees, and the
resolution is obvious.

Thanks,
Ard.


The following changes since commit 3123109284176b1532874591f7c81f3837bbdc17:

  Linux 5.18-rc1 (2022-04-03 14:08:21 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-next-for-v5.19

for you to fetch changes up to 3f68e69520d3d52d66a6ad872a75b7d8f2ea7665:

  riscv/efi_stub: Add support for RISCV_EFI_BOOT_PROTOCOL (2022-05-19 10:22:17 +0200)

----------------------------------------------------------------
EFI updates for v5.19

- Allow runtime services to be re-enabled at boot on RT kernels.
- Provide access to secrets injected into the boot image by CoCo
  hypervisors (COnfidential COmputing)
- Use DXE services on x86 to make the boot image executable after
  relocation, if needed.
- Prefer mirrored memory for randomized allocations.
- Only randomize the placement of the kernel image on arm64 if the
  loader has not already done so.
- Add support for obtaining the boot hartid from EFI on RISC-V.

----------------------------------------------------------------
Ard Biesheuvel (3):
      efi: libstub: pass image handle to handle_kernel_image()
      efi/arm64: libstub: run image in place if randomized by the loader
      efi: stub: prefer mirrored memory for randomized allocations

Baskov Evgeniy (2):
      efi: libstub: declare DXE services table
      efi: libstub: ensure allocated memory to be executable

Dov Murik (4):
      efi: Save location of EFI confidential computing area
      virt: Add efi_secret module to expose confidential computing secrets
      efi: Register efi_secret platform device if EFI secret area is declared
      docs: security: Add secrets/coco documentation

Jan Kiszka (1):
      efi: Add missing prototype for efi_capsule_setup_info

Javier Martinez Canillas (1):
      efi: Allow to enable EFI runtime services by default on RT

Peter Jones (1):
      efi: x86: Set the NX-compatibility flag in the PE header

Sunil V L (1):
      riscv/efi_stub: Add support for RISCV_EFI_BOOT_PROTOCOL

 Documentation/ABI/testing/securityfs-secrets-coco |  51 ++++
 Documentation/security/index.rst                  |   1 +
 Documentation/security/secrets/coco.rst           | 103 +++++++
 Documentation/security/secrets/index.rst          |   9 +
 arch/x86/boot/header.S                            |   4 +
 arch/x86/include/asm/efi.h                        |   5 +
 arch/x86/platform/efi/efi.c                       |   3 +
 drivers/firmware/efi/Kconfig                      |  43 +++
 drivers/firmware/efi/efi.c                        |  13 +-
 drivers/firmware/efi/libstub/arm32-stub.c         |   3 +-
 drivers/firmware/efi/libstub/arm64-stub.c         |  15 +-
 drivers/firmware/efi/libstub/efi-stub.c           |   2 +-
 drivers/firmware/efi/libstub/efistub.h            |  84 +++++-
 drivers/firmware/efi/libstub/randomalloc.c        |  11 +
 drivers/firmware/efi/libstub/riscv-stub.c         |  32 +-
 drivers/firmware/efi/libstub/x86-stub.c           | 119 +++++++-
 drivers/virt/Kconfig                              |   3 +
 drivers/virt/Makefile                             |   1 +
 drivers/virt/coco/efi_secret/Kconfig              |  16 +
 drivers/virt/coco/efi_secret/Makefile             |   2 +
 drivers/virt/coco/efi_secret/efi_secret.c         | 349 ++++++++++++++++++++++
 include/linux/efi.h                               |  27 ++
 22 files changed, 876 insertions(+), 20 deletions(-)
 create mode 100644 Documentation/ABI/testing/securityfs-secrets-coco
 create mode 100644 Documentation/security/secrets/coco.rst
 create mode 100644 Documentation/security/secrets/index.rst
 create mode 100644 drivers/virt/coco/efi_secret/Kconfig
 create mode 100644 drivers/virt/coco/efi_secret/Makefile
 create mode 100644 drivers/virt/coco/efi_secret/efi_secret.c


