From patchwork Fri Jun 19 12:48:27 2020
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 1312885
From: Seth Forshee
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 0/6][B] Lockdown updates
Date: Fri, 19 Jun 2020 07:48:27 -0500
Message-Id: <20200619124833.633575-1-seth.forshee@canonical.com>

It appears I forgot to send the bionic updates out yesterday when I sent
patches for everything else.

BugLink: https://bugs.launchpad.net/bugs/1884159

The following changes since commit 1b1c170690b148066132560cda285642b39ef40e:

  UBUNTU: Ubuntu-4.15.0-103.104 (2020-05-29 14:20:17 +0200)

are available in the Git repository at:

  git://git.launchpad.net/~sforshee/ubuntu/+source/linux/+git/bionic lockdown-updates

for you to fetch changes up to 4d2779ff152b4e6ca0be4dfa14270153eac7c33f:

  UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down (2020-06-16 16:46:08 -0500)

Thanks,
Seth

----------------------------------------------------------------
Christopher M. Riedl (2):
      powerpc/xmon: add read-only mode
      powerpc/xmon: Restrict when kernel is locked down

Jason A. Donenfeld (1):
      UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

Javier Martinez Canillas (1):
      efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN

Matthew Garrett (1):
      efi: Restrict efivar_ssdt_load when the kernel is locked down

Seth Forshee (1):
      UBUNTU: [Config] CONFIG_XMON_DEFAULT_RO_MODE=y

 arch/powerpc/Kconfig.debug                |   8 ++
 arch/powerpc/xmon/xmon.c                  | 148 +++++++++++++++++++---
 debian.master/config/config.common.ubuntu |   1 +
 drivers/acpi/acpi_configfs.c              |   4 +
 drivers/firmware/efi/efi.c                |   5 +
 drivers/firmware/efi/test/efi_test.c      |   7 +
 6 files changed, 156 insertions(+), 17 deletions(-)

Acked-by: Stefan Bader
Acked-by: Andrea Righi