Skip to content
Commit bcf44784 authored by Ben Hutchings's avatar Ben Hutchings
Browse files

lockdown: Update to upstream Lockdown LSM

The major differences from the previous version we had to the upstream
version are:

* It is now implemented as an LSM
* Lockdown mode is split into "integrity" and "confidentiality" levels
* It is not triggered by EFI Secure Boot, so we need to keep adding the
  patches that do that (and update them to work on top of the LSM)
* There is no option to disable it through SysRq, so we need to keep
  adding the patch that does that
* Two redundant checks were dropped - in uswsusp, redundant with
  hibernation_available(); and in APEI error injection, redundant with
  debugfs_is_locked_down()

Also update the other patches that were never part of the main
lockdown patch set.
parent 387b7eca
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment