From eeec1f708bfb7fd559b3b74893cbfb5b7c8e430af1dbbe5570dc3603a3aa43df Mon Sep 17 00:00:00 2001 From: Kernel Bugs Date: Mon, 18 Dec 2023 07:06:03 +0000 Subject: [PATCH] commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4 OBS-URL: https://build.opensuse.org/package/show/Kernel:slowroll/kernel-source-longterm?expand=0&rev=4 --- config.tar.bz2 | 4 ++-- kernel-longterm.changes | 21 +++++++++++++++++++++ kernel-longterm.spec | 4 ++-- kernel-source-longterm.changes | 21 +++++++++++++++++++++ kernel-source-longterm.spec | 4 ++-- kernel-syms-longterm.changes | 21 +++++++++++++++++++++ kernel-syms-longterm.spec | 4 ++-- patches.suse.tar.bz2 | 4 ++-- series.conf | 11 +++++++++++ source-timestamp | 4 ++-- 10 files changed, 86 insertions(+), 12 deletions(-) diff --git a/config.tar.bz2 b/config.tar.bz2 index 1ea9fba..ee2887b 100644 --- a/config.tar.bz2 +++ b/config.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:54e341b3ec5eb2f5b8b5c9b510629ef7bcf016d9e45825728e532790f74479c0 -size 62685 +oid sha256:71cdf3a6b0d92d5141e0ed2ce2084b580f6f0280a81cedfa4b08dce0ae960d0a +size 62709 diff --git a/kernel-longterm.changes b/kernel-longterm.changes index c784227..ccb884b 100644 --- a/kernel-longterm.changes +++ b/kernel-longterm.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com + +- KEYS: Make use of platform keyring for module signature verify + (FATE#314508, FATE#316531, bsc#1209006). +- commit d8ec790 + +------------------------------------------------------------------- +Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com + +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870 boo#1217741). +- Update config files. +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870 boo#1217741). +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870 boo#1217741). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870 boo#1217741). +- commit 2fb56b9 + ------------------------------------------------------------------- Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com diff --git a/kernel-longterm.spec b/kernel-longterm.spec index f792ba3..89b7c49 100644 --- a/kernel-longterm.spec +++ b/kernel-longterm.spec @@ -19,7 +19,7 @@ %define srcversion 6.1 %define patchversion 6.1.68 -%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc +%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4 %define variant -longterm%{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -115,7 +115,7 @@ License: GPL-2.0-only Group: System/Kernel Version: 6.1.68 %if 0%{?is_kotd} -Release: .ge2d741c +Release: .gd8ec790 %else Release: 0 %endif diff --git a/kernel-source-longterm.changes b/kernel-source-longterm.changes index c784227..ccb884b 100644 --- a/kernel-source-longterm.changes +++ b/kernel-source-longterm.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com + +- KEYS: Make use of platform keyring for module signature verify + (FATE#314508, FATE#316531, bsc#1209006). +- commit d8ec790 + +------------------------------------------------------------------- +Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com + +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870 boo#1217741). +- Update config files. +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870 boo#1217741). +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870 boo#1217741). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870 boo#1217741). +- commit 2fb56b9 + ------------------------------------------------------------------- Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com diff --git a/kernel-source-longterm.spec b/kernel-source-longterm.spec index 3c1b4df..0582bd2 100644 --- a/kernel-source-longterm.spec +++ b/kernel-source-longterm.spec @@ -18,7 +18,7 @@ %define srcversion 6.1 %define patchversion 6.1.68 -%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc +%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4 %define variant -longterm%{nil} %include %_sourcedir/kernel-spec-macros @@ -33,7 +33,7 @@ Name: kernel-source-longterm Version: 6.1.68 %if 0%{?is_kotd} -Release: .ge2d741c +Release: .gd8ec790 %else Release: 0 %endif diff --git a/kernel-syms-longterm.changes b/kernel-syms-longterm.changes index c784227..ccb884b 100644 --- a/kernel-syms-longterm.changes +++ b/kernel-syms-longterm.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Dec 15 11:22:01 CET 2023 - rfrohl@suse.com + +- KEYS: Make use of platform keyring for module signature verify + (FATE#314508, FATE#316531, bsc#1209006). +- commit d8ec790 + +------------------------------------------------------------------- +Thu Dec 14 13:08:40 CET 2023 - rfrohl@suse.com + +- efi: Lock down the kernel at the integrity level if booted in + secure boot mode (jsc#SLE-9870 boo#1217741). +- Update config files. +- efi: Lock down the kernel if booted in secure boot mode + (jsc#SLE-9870 boo#1217741). +- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode + (jsc#SLE-9870 boo#1217741). +- security: lockdown: expose a hook to lock the kernel down + (jsc#SLE-9870 boo#1217741). +- commit 2fb56b9 + ------------------------------------------------------------------- Thu Dec 14 11:44:20 CET 2023 - rfrohl@suse.com diff --git a/kernel-syms-longterm.spec b/kernel-syms-longterm.spec index 6f5185a..8ade2bd 100644 --- a/kernel-syms-longterm.spec +++ b/kernel-syms-longterm.spec @@ -16,7 +16,7 @@ # -%define git_commit e2d741cef0471025440ebcccd404bbf178a465bc +%define git_commit d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4 %define variant -longterm%{nil} %include %_sourcedir/kernel-spec-macros @@ -28,7 +28,7 @@ Group: Development/Sources Version: 6.1.68 %if %using_buildservice %if 0%{?is_kotd} -Release: .ge2d741c +Release: .gd8ec790 %else Release: 0 %endif diff --git a/patches.suse.tar.bz2 b/patches.suse.tar.bz2 index 841a512..bc40647 100644 --- a/patches.suse.tar.bz2 +++ b/patches.suse.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:db46fe0bbcf07a0169fa5294b3685e4351e8f61dfe8509e655e601b319bb40f4 -size 40001 +oid sha256:12a83696278849146ec63c424045c476bebe8b8466d647f6bf98254daa726013 +size 43940 diff --git a/series.conf b/series.conf index 5a2849a..98d8ea7 100644 --- a/series.conf +++ b/series.conf @@ -12213,6 +12213,17 @@ # Security ######################################################## + # Module signing / secure boot + patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch + + # Bug 1198101 - VUL-0: shim: openSUSE tumbleweed not fully locked down? Add opensuse-cert-prompt back to openSUSE shim + # Bug 1217741 - slowroll kernel missing lockdown patches + # Lock down functions for secure boot + patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch + patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch + patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch + patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch + # crypto ######################################################## diff --git a/source-timestamp b/source-timestamp index c948b12..36ee02e 100644 --- a/source-timestamp +++ b/source-timestamp @@ -1,3 +1,3 @@ -2023-12-14 10:47:15 +0000 -GIT Revision: e2d741cef0471025440ebcccd404bbf178a465bc +2023-12-15 10:22:01 +0000 +GIT Revision: d8ec79088b4105e57ee7e9f68bc366a9a6b9bcd4 GIT Branch: slowroll