From 80180ea2672b75a2c207dc5143d80f0b6e08aeb925b5e412fceea16622111b52 Mon Sep 17 00:00:00 2001
From: Michal Suchanek
Date: Mon, 26 Mar 2018 06:02:12 +0000
Subject: [PATCH] commit 12abbef0096b249fb517902aff4cb227c51e4a21
OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=835
---
 config.tar.bz2 | 4 ++--
 dtb-aarch64.changes | 30 ++++++++++++++++++++++++++++++
 dtb-aarch64.spec | 2 +-
 dtb-armv6l.changes | 30 ++++++++++++++++++++++++++++++
 dtb-armv6l.spec | 2 +-
 dtb-armv7l.changes | 30 ++++++++++++++++++++++++++++++
 dtb-armv7l.spec | 2 +-
 kernel-64kb.changes | 30 ++++++++++++++++++++++++++++++
 kernel-64kb.spec | 2 +-
 kernel-debug.changes | 30 ++++++++++++++++++++++++++++++
 kernel-debug.spec | 2 +-
 kernel-default.changes | 30 ++++++++++++++++++++++++++++++
 kernel-default.spec | 2 +-
 kernel-docs.changes | 30 ++++++++++++++++++++++++++++++
 kernel-docs.spec | 2 +-
 kernel-lpae.changes | 30 ++++++++++++++++++++++++++++++
 kernel-lpae.spec | 2 +-
 kernel-obs-build.changes | 30 ++++++++++++++++++++++++++++++
 kernel-obs-build.spec | 2 +-
 kernel-obs-qa.changes | 30 ++++++++++++++++++++++++++++++
 kernel-obs-qa.spec | 2 +-
 kernel-pae.changes | 30 ++++++++++++++++++++++++++++++
 kernel-pae.spec | 2 +-
 kernel-source.changes | 30 ++++++++++++++++++++++++++++++
 kernel-source.spec | 2 +-
 kernel-syms.changes | 30 ++++++++++++++++++++++++++++++
 kernel-syms.spec | 2 +-
 kernel-syzkaller.changes | 30 ++++++++++++++++++++++++++++++
 kernel-syzkaller.spec | 2 +-
 kernel-vanilla.changes | 30 ++++++++++++++++++++++++++++++
 kernel-vanilla.spec | 2 +-
 kernel-zfcpdump.changes | 30 ++++++++++++++++++++++++++++++
 kernel-zfcpdump.spec | 2 +-
 source-timestamp | 4 ++--
 34 files changed, 500 insertions(+), 20 deletions(-)
diff --git a/config.tar.bz2 b/config.tar.bz2
index c0029618..5311f2f5 100644
--- a/config.tar.bz2
+++ b/config.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ab3833b4b1a53c451fc70b0aaf7bbdda56876635072219d2bb5c669fb10e902e
-size 177353
+oid sha256:431ff7ca5fcf092c8f40bd7740e2c80b6a29f78aa1b56220c96f825f6d61e8ea
+size 177636
diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes
index 9ad480d9..85d7a7f0 100644
--- a/dtb-aarch64.changes
+++ b/dtb-aarch64.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec
index 047cf774..ef2c386f 100644
--- a/dtb-aarch64.spec
+++ b/dtb-aarch64.spec
@@ -31,7 +31,7 @@
 Name: dtb-aarch64
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/dtb-armv6l.changes b/dtb-armv6l.changes
index 9ad480d9..85d7a7f0 100644
--- a/dtb-armv6l.changes
+++ b/dtb-armv6l.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/dtb-armv6l.spec b/dtb-armv6l.spec
index 7003c3c4..77097eb6 100644
--- a/dtb-armv6l.spec
+++ b/dtb-armv6l.spec
@@ -31,7 +31,7 @@
 Name: dtb-armv6l
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/dtb-armv7l.changes b/dtb-armv7l.changes
index 9ad480d9..85d7a7f0 100644
--- a/dtb-armv7l.changes
+++ b/dtb-armv7l.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/dtb-armv7l.spec b/dtb-armv7l.spec
index df476bb8..c1b0ea39 100644
--- a/dtb-armv7l.spec
+++ b/dtb-armv7l.spec
@@ -31,7 +31,7 @@
 Name: dtb-armv7l
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-64kb.changes b/kernel-64kb.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-64kb.changes
+++ b/kernel-64kb.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-64kb.spec b/kernel-64kb.spec
index 2ed9030e..c262aecc 100644
--- a/kernel-64kb.spec
+++ b/kernel-64kb.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-debug.changes b/kernel-debug.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-debug.spec b/kernel-debug.spec
index 6ec617f1..8b957789 100644
--- a/kernel-debug.spec
+++ b/kernel-debug.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-default.changes b/kernel-default.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-default.changes
+++ b/kernel-default.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-default.spec b/kernel-default.spec
index 20873710..511b2865 100644
--- a/kernel-default.spec
+++ b/kernel-default.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-docs.changes b/kernel-docs.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-docs.changes
+++ b/kernel-docs.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-docs.spec b/kernel-docs.spec
index 67df4add..274ea0fe 100644
--- a/kernel-docs.spec
+++ b/kernel-docs.spec
@@ -33,7 +33,7 @@ License: GPL-2.0
 Group: Documentation/Man
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-lpae.changes b/kernel-lpae.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-lpae.changes
+++ b/kernel-lpae.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-lpae.spec b/kernel-lpae.spec
index d778360d..1391b6dc 100644
--- a/kernel-lpae.spec
+++ b/kernel-lpae.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-obs-build.changes
+++ b/kernel-obs-build.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec
index 57609d67..4839c079 100644
--- a/kernel-obs-build.spec
+++ b/kernel-obs-build.spec
@@ -66,7 +66,7 @@ License: GPL-2.0
 Group: SLES
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-obs-qa.changes
+++ b/kernel-obs-qa.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec
index b548170b..1fb079a8 100644
--- a/kernel-obs-qa.spec
+++ b/kernel-obs-qa.spec
@@ -38,7 +38,7 @@ License: GPL-2.0
 Group: SLES
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-pae.changes b/kernel-pae.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-pae.changes
+++ b/kernel-pae.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-pae.spec b/kernel-pae.spec
index 2e0f89b1..0ab06c4b 100644
--- a/kernel-pae.spec
+++ b/kernel-pae.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-source.changes b/kernel-source.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-source.changes
+++ b/kernel-source.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-source.spec b/kernel-source.spec
index 4e6c8a45..e4585c0e 100644
--- a/kernel-source.spec
+++ b/kernel-source.spec
@@ -32,7 +32,7 @@ License: GPL-2.0
 Group: Development/Sources
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-syms.changes b/kernel-syms.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-syms.changes
+++ b/kernel-syms.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-syms.spec b/kernel-syms.spec
index 07c70844..29b22fb6 100644
--- a/kernel-syms.spec
+++ b/kernel-syms.spec
@@ -27,7 +27,7 @@ Group: Development/Sources
 Version: 4.15.13
 %if %using_buildservice
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-syzkaller.changes b/kernel-syzkaller.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-syzkaller.changes
+++ b/kernel-syzkaller.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-syzkaller.spec b/kernel-syzkaller.spec
index a369bc5c..7700d36b 100644
--- a/kernel-syzkaller.spec
+++ b/kernel-syzkaller.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-vanilla.changes
+++ b/kernel-vanilla.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec
index 2f4140cb..887c07f3 100644
--- a/kernel-vanilla.spec
+++ b/kernel-vanilla.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes
index 9ad480d9..85d7a7f0 100644
--- a/kernel-zfcpdump.changes
+++ b/kernel-zfcpdump.changes
@@ -970,6 +970,36 @@ Wed Mar 7 16:09:53 CET 2018 - tiwai@suse.de
 MMIO when running nested (bsc#1081431).
 - commit 4e5b14d

+-------------------------------------------------------------------
+Tue Mar 6 14:08:41 CET 2018 - jslaby@suse.cz
+
+- Update config files.
+ Enable module signing (bnc#1082905):
+ * CONFIG_MODULE_SIG=y
+ * # CONFIG_MODULE_SIG_FORCE is not set
+ * # CONFIG_MODULE_SIG_ALL is not set
+ * # CONFIG_MODULE_SIG_SHA1 is not set
+ * # CONFIG_MODULE_SIG_SHA224 is not set
+ * CONFIG_MODULE_SIG_SHA256=y
+ * # CONFIG_MODULE_SIG_SHA384 is not set
+ * # CONFIG_MODULE_SIG_SHA512 is not set
+ * CONFIG_MODULE_SIG_HASH="sha256"
+ * CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+ * CONFIG_SECONDARY_TRUSTED_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_KEYRING=y
+ * CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
+ This commit synchronizes these options with SLE15.
+ We do not add patches for loading keys from the shim layer (as in
+ SLE15) for the time being. They were rejected multiple times in
+ upstream and we do not want to forward-port them infinitely. This only
+ means that loading KMPs with none/invalid signatures generates this:
+ : loading out-of-tree module taints kernel.
+ : module verification failed: signature and/or required key missing - tainting kernel
+ But the modules load fine after that as we have MODULE_SIG_FORCE set
+ to 'n'.
+ Tested in qemu+OVMF and bare metal and everything looks fine.
+- commit 12abbef
+
 -------------------------------------------------------------------
 Fri Mar 2 12:52:26 CET 2018 - tiwai@suse.de

diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec
index 8248f97a..908cf6ce 100644
--- a/kernel-zfcpdump.spec
+++ b/kernel-zfcpdump.spec
@@ -60,7 +60,7 @@ License: GPL-2.0
 Group: System/Kernel
 Version: 4.15.13
 %if 0%{?is_kotd}
-Release: .g950fc49
+Release: .g12abbef
 %else
 Release: 0
 %endif
diff --git a/source-timestamp b/source-timestamp
index c9de6060..e521d1c6 100644
--- a/source-timestamp
+++ b/source-timestamp
@@ -1,3 +1,3 @@
-2018-03-25 10:34:58 +0200
-GIT Revision: 950fc49446f43cd0aa5c406e5dd837053ee73f3b
+2018-03-25 22:21:41 +0200
+GIT Revision: 12abbef0096b249fb517902aff4cb227c51e4a21
 GIT Branch: stable