From 85c3a1be4ddd13d0c0c6ef9168e6aa37e0e07b4a Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 20 Apr 2017 00:48:59 +0100 Subject: [PATCH] Note Lukas Wunner's forward-porting work in patches --- .../fs-add-module_softdep-declarations-for-hard-coded-cr.patch | 1 + .../acpi-disable-acpi-table-override-if-securelevel-is-s.patch | 1 + .../add-option-to-automatically-set-securelevel-when-in-.patch | 3 +++ .../arm64-add-kernel-config-option-to-set-securelevel-wh.patch | 1 + .../all/securelevel/enable-cold-boot-attack-mitigation.patch | 1 + 5 files changed, 7 insertions(+) diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch index af00757a0..9b5b3b84f 100644 --- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch +++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch @@ -8,6 +8,7 @@ This helps initramfs builders and other tools to find the full dependencies of a module. Signed-off-by: Ben Hutchings +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] --- --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c diff --git a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch index fc914bd15..b93610077 100644 --- a/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch +++ b/debian/patches/features/all/securelevel/acpi-disable-acpi-table-override-if-securelevel-is-s.patch @@ -16,6 +16,7 @@ do not allow ACPI tables to be overridden if securelevel is set. 
Signed-off-by: Linn Crosetto [bwh: Forward-ported to 4.7: ACPI override code moved to drivers/acpi/tables.c] [bwh: Forward-ported to 4.9: adjust context] +[Lukas Wunner: Forward-ported to 4.11: secure_boot field is now quad-state] --- arch/x86/kernel/setup.c | 12 ++++++------ drivers/acpi/tables.c | 6 ++++++ diff --git a/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch b/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch index 2f3518073..bdd24557b 100644 --- a/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch +++ b/debian/patches/features/all/securelevel/add-option-to-automatically-set-securelevel-when-in-.patch @@ -11,6 +11,9 @@ code at runtime. Add a configuration option that enforces this automatically when enabled. Signed-off-by: Matthew Garrett +[Lukas Wunner: Forward-ported to 4.11: + - Drop parts applied upstream + - secure_boot field is now quad-state] --- arch/x86/Kconfig | 13 +++++++++++++ arch/x86/kernel/setup.c | 7 +++++++ diff --git a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch index 4e7931559..30403f303 100644 --- a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch +++ b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch @@ -11,6 +11,7 @@ kernel using the FDT. Signed-off-by: Linn Crosetto [bwh: Forward-ported to 4.10: adjust context] +[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream] --- v2: diff --git a/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch b/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch index 26580e012..d023f0e79 100644 
--- a/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
+++ b/debian/patches/features/all/securelevel/enable-cold-boot-attack-mitigation.patch
@@ -3,6 +3,7 @@ Date: Tue, 12 Jan 2016 12:51:27 -0800
 Subject: [18/18] Enable cold boot attack mitigation
 Origin: https://github.com/mjg59/linux/commit/02d999574936dd234a508c0112a0200c135a5c34
 
+[Lukas Wunner: Forward-ported to 4.11: adjust context]
 ---
  arch/x86/boot/compressed/eboot.c | 22 ++++++++++++++++++++++
  1 file changed, 22 insertions(+)