efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing EFI_SECURE_BOOT_LOCK_DOWN
This commit is contained in:
parent
20aa9b586e
commit
cb21ae6740
|
@ -2,6 +2,8 @@ linux (4.15~rc5-1~exp2) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* [arm64] Update "add kernel config option to lock down when in Secure Boot
|
* [arm64] Update "add kernel config option to lock down when in Secure Boot
|
||||||
mode" for 4.15
|
mode" for 4.15
|
||||||
|
* efi: Enable LOCK_DOWN_IN_EFI_SECURE_BOOT, replacing
|
||||||
|
EFI_SECURE_BOOT_LOCK_DOWN
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Sat, 30 Dec 2017 16:00:15 +0000
|
-- Ben Hutchings <ben@decadent.org.uk> Sat, 30 Dec 2017 16:00:15 +0000
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,6 @@ CONFIG_ARM64_PMEM=y
|
||||||
CONFIG_RANDOMIZE_BASE=y
|
CONFIG_RANDOMIZE_BASE=y
|
||||||
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
|
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
|
||||||
CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y
|
CONFIG_ARM64_ACPI_PARKING_PROTOCOL=y
|
||||||
CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
|
|
||||||
CONFIG_COMPAT=y
|
CONFIG_COMPAT=y
|
||||||
|
|
||||||
##
|
##
|
||||||
|
|
|
@ -7100,6 +7100,7 @@ CONFIG_LSM_MMAP_MIN_ADDR=32768
|
||||||
CONFIG_HARDENED_USERCOPY=y
|
CONFIG_HARDENED_USERCOPY=y
|
||||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||||
CONFIG_LOCK_DOWN_KERNEL=y
|
CONFIG_LOCK_DOWN_KERNEL=y
|
||||||
|
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
|
||||||
## choice: Default security module
|
## choice: Default security module
|
||||||
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
CONFIG_DEFAULT_SECURITY_APPARMOR=y
|
||||||
## end choice
|
## end choice
|
||||||
|
|
|
@ -55,7 +55,6 @@ CONFIG_X86_SMAP=y
|
||||||
CONFIG_X86_INTEL_MPX=y
|
CONFIG_X86_INTEL_MPX=y
|
||||||
CONFIG_EFI=y
|
CONFIG_EFI=y
|
||||||
CONFIG_EFI_STUB=y
|
CONFIG_EFI_STUB=y
|
||||||
CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y
|
|
||||||
CONFIG_SECCOMP=y
|
CONFIG_SECCOMP=y
|
||||||
CONFIG_KEXEC=y
|
CONFIG_KEXEC=y
|
||||||
CONFIG_CRASH_DUMP=y
|
CONFIG_CRASH_DUMP=y
|
||||||
|
|
Loading…
Reference in New Issue