Commit 27a70476 authored by Romain Perier's avatar Romain Perier

Update to 4.20.13

This updates the debian changelog for adding the upstream changelogs of
each new stable updates (up to this 4.20.13). Also this refreshes the
patch lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
parent 4cc7eb07
linux (4.20.11-1~exp1) UNRELEASED; urgency=medium
linux (4.20.13-1~exp1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.1
......@@ -12,6 +12,8 @@ linux (4.20.11-1~exp1) UNRELEASED; urgency=medium
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.9
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.10
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.11
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.12
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.13
[ YunQiang Su ]
* [mipsel, mips64el] Enable DRM_AST and FB_SM750 for loongson-3
......@@ -34,6 +36,9 @@ linux (4.20.11-1~exp1) UNRELEASED; urgency=medium
__close_fd_get_file() and task_work_add(), both required by binder.
* Refreshed debian/revert-objtool-fix-config_stack_validation-y-warning.patch,
so this can be applied against 4.20.4
* Refreshed patch for lockdown
0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch, so this
can be applied against >= 4.20.13
[ Marcin Juszkiewicz ]
* udeb: Add virtio-gpu into d-i to get graphical output in VM instances.
......
......@@ -15,13 +15,15 @@ Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
---
arch/x86/kernel/setup.c | 14 +-------------
arch/x86/kernel/setup.c | 14 +-----------
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/secureboot.c | 38 ++++++++++++++++++++++++++++++++++++++
include/linux/efi.h | 16 ++++++++++------
4 files changed, 50 insertions(+), 19 deletions(-)
drivers/firmware/efi/secureboot.c | 38 +++++++++++++++++++++++++++++++
include/linux/efi.h | 17 +++++++++-----
4 files changed, 51 insertions(+), 19 deletions(-)
create mode 100644 drivers/firmware/efi/secureboot.c
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index d494b9bfe618..35dbd2e66608 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1158,19 +1158,7 @@ void __init setup_arch(char **cmdline_p)
......@@ -45,9 +47,11 @@ cc: linux-efi@vger.kernel.org
reserve_initrd();
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index 5f9f5039de50..7a0a6378203e 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -24,6 +24,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m
@@ -24,6 +24,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_mem.o
obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o
obj-$(CONFIG_EFI_TEST) += test/
obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o
......@@ -55,6 +59,9 @@ cc: linux-efi@vger.kernel.org
obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o
arm-obj-$(CONFIG_EFI) := arm-init.o arm-runtime.o
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
new file mode 100644
index 000000000000..9070055de0a1
--- /dev/null
+++ b/drivers/firmware/efi/secureboot.c
@@ -0,0 +1,38 @@
......@@ -96,14 +103,17 @@ cc: linux-efi@vger.kernel.org
+ }
+ }
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 845174e113ce..204ff46ca8d6 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1155,6 +1155,14 @@ extern int __init efi_setup_pcdp_console
@@ -1155,6 +1155,15 @@ extern int __init efi_setup_pcdp_console(char *);
#define EFI_DBG 8 /* Print additional debug info at runtime */
#define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
#define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
+#define EFI_SECURE_BOOT 11 /* Are we in Secure Boot mode? */
+
+
+enum efi_secureboot_mode {
+ efi_secureboot_mode_unset,
+ efi_secureboot_mode_unknown,
......@@ -113,23 +123,23 @@ cc: linux-efi@vger.kernel.org
#ifdef CONFIG_EFI
/*
@@ -1169,6 +1177,7 @@ extern void efi_reboot(enum reboot_mode
extern bool efi_is_table_address(unsigned long phys_addr);
@@ -1167,6 +1176,7 @@ static inline bool efi_enabled(int feature)
extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
extern int efi_apply_persistent_mem_reservations(void);
extern bool efi_is_table_address(unsigned long phys_addr);
+extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
#else
static inline bool efi_enabled(int feature)
{
@@ -1192,6 +1201,7 @@ static inline int efi_apply_persistent_m
@@ -1185,6 +1195,7 @@ static inline bool efi_is_table_address(unsigned long phys_addr)
{
return 0;
return false;
}
+static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
#endif
extern int efi_status_to_err(efi_status_t status);
@@ -1577,12 +1587,6 @@ efi_status_t efi_setup_gop(efi_system_ta
@@ -1570,12 +1581,6 @@ efi_status_t efi_setup_gop(efi_system_table_t *sys_table_arg,
bool efi_runtime_disabled(void);
extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment