1. 06 Dec, 2018 17 commits
  2. 16 Nov, 2018 1 commit
  3. 29 Oct, 2018 2 commits
  4. 28 Oct, 2018 1 commit
  5. 30 Jul, 2018 3 commits
  6. 27 Jun, 2018 2 commits
    • Luca Boccassi's avatar
      Add patch to fix lockdown mode · bd06522c
      Luca Boccassi authored
      Description: do not overwrite sentinel byte in boot_params, breaks lockdown
       grub currently copies the entire boot_params, which includes setting sentinel
       byte to 0xff, which triggers sanitize_boot_params in the kernel which in
       turn clears various boot_params variables, including the indication that
       the booloader chain is verified and thus the kernel disables lockdown mode.
       According to the information on the Fedora bug tracker, only the information
       from byte 0x1f1 is necessary, so start copying from there instead.
      Author: Luca Boccassi <bluca@debian.org>
      Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360
      Forwarded: no
      Patch-Name: fix_lockdown.patch
      bd06522c
    • Linn Crosetto's avatar
      Disallow unsigned kernels if UEFI Secure Boot is enabled · 36279516
      Linn Crosetto authored
      If UEFI Secure Boot is enabled and kernel signature verification fails, do not
      boot the kernel. Before this change, if kernel signature verification failed
      then GRUB would fall back to calling ExitBootServices() and continuing the
      boot.
      
      Patch-Name: linuxefi_disable_sb_fallback.patch
      Signed-off-by: default avatarLinn Crosetto <linn@hpe.com>
      36279516
  7. 16 Jun, 2018 1 commit
  8. 16 Mar, 2018 13 commits