Backpoprted new patches of Lock down functions for UEFI secure boot
authorLee, Chun-Yi <jlee@suse.com>
Thu, 31 Jul 2014 05:57:11 +0000 (13:57 +0800)
committerLee, Chun-Yi <jlee@suse.com>
Thu, 31 Jul 2014 05:57:11 +0000 (13:57 +0800)
commitf3af2f270b31670fa78cc07e7115446e1e927458
tree2b562df7d7c3e7f3a4b4a462f3ec9db9392de5a5
parent51a83f65f10813b01e90833f17291052bae09563
Backpoprted new patches of  Lock down functions for UEFI secure boot

Also updated series.conf and removed old patches.

- Add secure_modules() call (fate#314486, bnc#884333).
- PCI: Lock down BAR access when module security is enabled
  (fate#314486, bnc#884333).
- x86: Lock down IO port access when module security is enabled
  (fate#314486, bnc#884333).
- ACPI: Limit access to custom_method (fate#314486, bnc#884333).
- asus-wmi: Restrict debugfs interface when module loading is
  restricted (fate#314486, bnc#884333).
- Restrict /dev/mem and /dev/kmem when module loading is
  restricted (fate#314486, bnc#884333).
- acpi: Ignore acpi_rsdp kernel parameter when module loading
  is restricted (fate#314486, bnc#884333).
- kexec: Disable at runtime if the kernel enforces module loading
  restrictions (fate#314486, bnc#884333).
- uswsusp: Disable when module loading is restricted (fate#314486,
  bnc#884333).
- x86: Restrict MSR access when module loading is restricted
  (fate#314486, bnc#884333).
- Add option to automatically enforce module signatures when in
  Secure Boot mode (fate#314486, bnc#884333).
- hibernate: Disable in a signed modules environment (fate#314486,
  bnc#884333).
- Delete
  patches.suse/0001-modsign-Always-enforce-module-signing-in-a-Secure-Boot.patch.
- Delete
  patches.suse/0002_PCI_Lock_down_BAR_access_in_secure_boot_environments_v2.patch.
- Delete
  patches.suse/0003_x86_Lock_down_IO_port_access_in_secure_boot_environments_v2.patch.
- Delete
  patches.suse/0004_ACPI_Limit_access_to_custom_method_v2.patch.
- Delete
  patches.suse/0005_asus-wmi_Restrict_debugfs_interface_v2.patch.
- Delete
  patches.suse/0006_Restrict__dev_mem_and__dev_kmem_in_secure_boot_setups_v2.patch.
- Delete
  patches.suse/0008_efi_Enable_secure_boot_lockdown_automatically_when_enabled_in_firmware_v2.patch.
- Delete
  patches.suse/0009_acpi_Ignore_acpi_rsdp_kernel_parameter_in_a_secure_boot_environment_v2.patch.
- Delete
  patches.suse/0011-hibernate-Disable-in-a-Secure-Boot-environment.patch.
- Delete
  patches.suse/kexec-Disable-in-a-secure-boot-environment.patch.
- Delete
  patches.suse/x86-Require-CAP_COMPROMISE_KERNEL-for-MSR-writing.patch.
- Delete patches.suse/x86_microcode_set_comprise_kernel.patch.
25 files changed:
patches.suse/0001-modsign-Always-enforce-module-signing-in-a-Secure-Boot.patch [deleted file]
patches.suse/0001_V3_Add_secure_modules_call.patch [new file with mode: 0644]
patches.suse/0002_PCI_Lock_down_BAR_access_in_secure_boot_environments_v2.patch [deleted file]
patches.suse/0002_V3_PCI_Lock_down_BAR_access_when_module_security_is_enabled.patch [new file with mode: 0644]
patches.suse/0003_V3_x86_Lock_down_IO_port_access_when_module_security_is_enabled.patch [new file with mode: 0644]
patches.suse/0003_x86_Lock_down_IO_port_access_in_secure_boot_environments_v2.patch [deleted file]
patches.suse/0004_ACPI_Limit_access_to_custom_method_v2.patch [deleted file]
patches.suse/0004_V3_ACPI_Limit_access_to_custom_method.patch [new file with mode: 0644]
patches.suse/0005_V3_asus-wmi_Restrict_debugfs_interface_when_module_loading_is_restricted.patch [new file with mode: 0644]
patches.suse/0005_asus-wmi_Restrict_debugfs_interface_v2.patch [deleted file]
patches.suse/0006_Restrict__dev_mem_and__dev_kmem_in_secure_boot_setups_v2.patch [deleted file]
patches.suse/0006_V3_Restrict__dev_mem_and__dev_kmem_when_module_loading_is_restricted.patch [new file with mode: 0644]
patches.suse/0007_V3_acpi_Ignore_acpi_rsdp_kernel_parameter_when_module_loading_is_restricted.patch [new file with mode: 0644]
patches.suse/0008_V3_kexec_Disable_at_runtime_if_the_kernel_enforces_module_loading_restrictions.patch [new file with mode: 0644]
patches.suse/0008_efi_Enable_secure_boot_lockdown_automatically_when_enabled_in_firmware_v2.patch [deleted file]
patches.suse/0009_V3_uswsusp_Disable_when_module_loading_is_restricted.patch [new file with mode: 0644]
patches.suse/0009_acpi_Ignore_acpi_rsdp_kernel_parameter_in_a_secure_boot_environment_v2.patch [deleted file]
patches.suse/0010_V3_x86_Restrict_MSR_access_when_module_loading_is_restricted.patch [new file with mode: 0644]
patches.suse/0011-hibernate-Disable-in-a-Secure-Boot-environment.patch [deleted file]
patches.suse/0011_V3_Add_option_to_automatically_enforce_module_signatures_when_in_Secure_Boot_mode.patch [new file with mode: 0644]
patches.suse/0015_hibernate_Disable_in_a_signed_modules_environment.patch [new file with mode: 0644]
patches.suse/kexec-Disable-in-a-secure-boot-environment.patch [deleted file]
patches.suse/x86-Require-CAP_COMPROMISE_KERNEL-for-MSR-writing.patch [deleted file]
patches.suse/x86_microcode_set_comprise_kernel.patch [deleted file]
series.conf