Backported new patches of Lock down functions for UEFI secure boot
author Lee, Chun-Yi <jlee@suse.com>
Thu, 31 Jul 2014 05:57:11 +0000 (13:57 +0800)
committer Lee, Chun-Yi <jlee@suse.com>
Thu, 31 Jul 2014 05:57:11 +0000 (13:57 +0800)
commit 8bcdfe4f56e3b3ab2091eaf1c0a1c1e10d7afd7d
tree d3f6886e798df53faac4463a4b8bbdfda1b449f0
parent b679b493a04c18df675d7524dad7add948c77bf3
Backported new patches of Lock down functions for UEFI secure boot

Also updated series.conf and removed old patches.

- Add secure_modules() call (fate#314486, bnc#884333).
- PCI: Lock down BAR access when module security is enabled
  (fate#314486, bnc#884333).
- x86: Lock down IO port access when module security is enabled
  (fate#314486, bnc#884333).
- ACPI: Limit access to custom_method (fate#314486, bnc#884333).
- asus-wmi: Restrict debugfs interface when module loading is
  restricted (fate#314486, bnc#884333).
- Restrict /dev/mem and /dev/kmem when module loading is
  restricted (fate#314486, bnc#884333).
- acpi: Ignore acpi_rsdp kernel parameter when module loading
  is restricted (fate#314486, bnc#884333).
- kexec: Disable at runtime if the kernel enforces module loading
  restrictions (fate#314486, bnc#884333).
- uswsusp: Disable when module loading is restricted (fate#314486,
  bnc#884333).
- x86: Restrict MSR access when module loading is restricted
  (fate#314486, bnc#884333).
- Add option to automatically enforce module signatures when in
  Secure Boot mode (fate#314486, bnc#884333).
- hibernate: Disable in a signed modules environment (fate#314486,
  bnc#884333).
- Delete
  patches.suse/0001-modsign-Always-enforce-module-signing-in-a-Secure-Boot.patch.
- Delete
  patches.suse/0002_PCI_Lock_down_BAR_access_in_secure_boot_environments_v2.patch.
- Delete
  patches.suse/0003_x86_Lock_down_IO_port_access_in_secure_boot_environments_v2.patch.
- Delete
  patches.suse/0004_ACPI_Limit_access_to_custom_method_v2.patch.
- Delete
  patches.suse/0005_asus-wmi_Restrict_debugfs_interface_v2.patch.
- Delete
  patches.suse/0006_Restrict__dev_mem_and__dev_kmem_in_secure_boot_setups_v2.patch.
- Delete
  patches.suse/0008_efi_Enable_secure_boot_lockdown_automatically_when_enabled_in_firmware_v2.patch.
- Delete
  patches.suse/0009_acpi_Ignore_acpi_rsdp_kernel_parameter_in_a_secure_boot_environment_v2.patch.
- Delete
  patches.suse/0011-hibernate-Disable-in-a-Secure-Boot-environment.patch.
- Delete
  patches.suse/kexec-Disable-in-a-secure-boot-environment.patch.
- Delete
  patches.suse/x86-Require-CAP_COMPROMISE_KERNEL-for-MSR-writing.patch.
- Delete patches.suse/x86_microcode_set_comprise_kernel.patch.

suse-commit: f3af2f270b31670fa78cc07e7115446e1e927458
Note: This patch series did not apply
BROKEN [new file with mode: 0644]