efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing EFI_SECURE_BOOT_LOCK_DOWN
This commit is contained in:
parent
20aa9b586e
commit
cb21ae6740
|
@ -2,6 +2,8 @@ linux (4.15~rc5-1~exp2) UNRELEASED; urgency=medium
|
|||
|
||||
* [arm64] Update "add kernel config option to lock down when in Secure Boot
|
||||
mode" for 4.15
|
||||
* efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing
|
||||
EFI_SECURE_BOOT_LOCK_DOWN
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 30 Dec 2017 16:00:15 +0000
|
||||
|
||||
|
|
|
@ -23,7 +23,6 @@ CONFIG_ARM64_PMEM=y
|
|||
CONFIG_RANDOMIZE_BASE=y
|
||||
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
|
||||
CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y
|
||||
CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
|
||||
CONFIG_COMPAT=y
|
||||
|
||||
##
|
||||
|
|
|
@ -7100,6 +7100,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
|
|||
CONFIG_HARDENED_USERCOPY=y
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL=y
|
||||
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
|
||||
## choice: Default security module
|
||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||
## end choice
|
||||
|
|
|
@ -55,7 +55,6 @@ CONFIG_X86_SMAP=y
|
|||
CONFIG_X86_INTEL_MPX=y
|
||||
CONFIG_EFI=y
|
||||
CONFIG_EFI_STUB=y
|
||||
CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
|
||||
CONFIG_SECCOMP=y
|
||||
CONFIG_KEXEC=y
|
||||
CONFIG_CRASH_DUMP=y
|
||||
|
|
Loading…
Reference in New Issue