blob: d694eb78794e5408583e875917980b13673e1bd4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: Does not enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism
References:
https://lkml.org/lkml/2020/9/15/1871
https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/
https://lore.kernel.org/lkml/2660556.1610545213@warthog.procyon.org.uk/
Notes:
bwh> This is only relevant to kernel versions that support the
bwh> UEFI Secure Boot key store and/or are themselves signed.
carnil> The commit adds a new config option SYSTEM_REVOCATION_LIST to
carnil> enable the facility.
Bugs:
upstream: released (5.13-rc1) [56c5812623f95313f6a46fbf0beee7fa17c68bbf]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.47) [45109066f686597116467a53eaf4330450702a96]
4.19-upstream-stable: N/A "Secure Boot key import not supported"
4.9-upstream-stable: N/A "Secure Boot key import not supported"
sid: released (5.14.6-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: needed
4.9-stretch-security: N/A "Secure Boot key import not supported"
|
