lockdown: Update to upstream Lockdown LSM
The major differences from the previous version we had to the upstream version are: * It is now implemented as an LSM * Lockdown mode is split into "integrity" and "confidentiality" levels * It is not triggered by EFI Secure Boot, so we need to keep adding the patches that do that (and update them to work on top of the LSM) * There is no option to disable it through SysRq, so we need to keep adding the patch that does that * Two redundant checks were dropped - in uswsusp, redundant with hibernation_available(); and in APEI error injection, redundant with debugfs_is_locked_down() Also update the other patches that were never part of the main lockdown patch set.
Loading
Please register or sign in to comment