[kernel/f18] Fix power management sysfs on non-secure boot machines (rhbz 896243)
Josh Boyer
jwboyer at fedoraproject.org
Thu Jan 17 03:13:30 UTC 2013
commit 202608877d88faba8f114c079c25f6d04075d10b
Author: Josh Boyer <jwboyer at redhat.com>
Date: Wed Jan 16 22:08:34 2013 -0500
Fix power management sysfs on non-secure boot machines (rhbz 896243)
kernel.spec | 5 +++-
secure-boot-20121212.patch | 48 ++++++++++++++++++++++++++++++-------------
2 files changed, 37 insertions(+), 16 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index dfd0249..46c06cd 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 204
+%global baserelease 205
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -2389,6 +2389,9 @@ fi
# ||----w |
# || ||
%changelog
+* Wed Jan 16 2013 Josh Boyer <jwboyer at redhat.com>
+- Fix power management sysfs on non-secure boot machines (rhbz 896243)
+
* Wed Jan 16 2013 Justin M. Forbes <jforbes at redhat.com> 3.7.2-204
- Fix for CVE-2013-0190 xen corruption with 32bit pvops (rhbz 896051 896038)
diff --git a/secure-boot-20121212.patch b/secure-boot-20121212.patch
index 387302b..61f796e 100644
--- a/secure-boot-20121212.patch
+++ b/secure-boot-20121212.patch
@@ -1318,10 +1318,10 @@ index 0000000..76a5a34
1.8.0.1
-From 7d5629a2000d9dc92da91d2f1258af748e89cfd7 Mon Sep 17 00:00:00 2001
+From e45330362517d08579cdaddc718febe68e2cae06 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer at redhat.com>
Date: Fri, 26 Oct 2012 14:02:09 -0400
-Subject: [PATCH 19/20] hibernate: Disable in a Secure Boot environment
+Subject: [PATCH] hibernate: Disable in a Secure Boot environment
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the secure boot trust model,
@@ -1330,16 +1330,24 @@ a Secure Boot environment.
Signed-off-by: Josh Boyer <jwboyer at redhat.com>
---
- kernel/power/hibernate.c | 14 +++++++++++++-
- kernel/power/main.c | 4 +++-
+ kernel/power/hibernate.c | 15 ++++++++++++++-
+ kernel/power/main.c | 7 ++++++-
kernel/power/user.c | 3 +++
- 3 files changed, 19 insertions(+), 2 deletions(-)
+ 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index b26f5f1..f04343b 100644
+index b26f5f1..26bdfa8 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
-@@ -632,6 +632,10 @@ int hibernate(void)
+@@ -28,6 +28,7 @@
+ #include <linux/syscore_ops.h>
+ #include <linux/ctype.h>
+ #include <linux/genhd.h>
++#include <linux/efi.h>
+
+ #include "power.h"
+
+@@ -632,6 +633,10 @@ int hibernate(void)
{
int error;
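Review bot: The added `#include <linux/efi.h>` makes kernel/power/hibernate.c depend on `secure_boot_enabled` unconditionally, and kernel/power/main.c gets the same include further down. Nothing visible here shows whether that symbol is declared and defined when the kernel is built without EFI support, or for an architecture that never sets it. It is worth confirming that the header provides a constant fallback in that configuration, for example `#define secure_boot_enabled 0`, so that kernel/power still builds and behaves as "not secure boot". The hunk shows only the include block and the first lines of hibernate().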
@@ -1350,7 +1358,7 @@ index b26f5f1..f04343b 100644
lock_system_sleep();
/* The snapshot device should not be opened while we're running */
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
-@@ -723,7 +727,7 @@ static int software_resume(void)
+@@ -723,7 +728,7 @@ static int software_resume(void)
/*
* If the user said "noresume".. bail out early.
*/
@@ -1359,11 +1367,11 @@ index b26f5f1..f04343b 100644
return 0;
/*
-@@ -889,6 +893,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -889,6 +894,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
int i;
char *start = buf;
-+ if (!capable(CAP_COMPROMISE_KERNEL)) {
++ if (secure_boot_enabled) {
+ buf += sprintf(buf, "[%s]\n", "disabled");
+ return buf-start;
+ }
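Review bot: disk_show() now chooses its output from `secure_boot_enabled`, but the checks that actually refuse hibernation in hibernate(), software_resume() and disk_store() are not touched by this commit. Judging from the removed line, they presumably still test `capable(CAP_COMPROMISE_KERNEL)`. The split looks intentional, since a sysfs read by an unprivileged process should not hide the modes on a machine without Secure Boot. If so, it deserves a comment above the new check so the two conditions are not merged again later: `/* Display only: keyed on firmware state, not the reader's capabilities; enforcement is in disk_store() and hibernate(). */`. The same applies to the state_show() branch in kernel/power/main.c; disk_show() starts and ends outside the hunk.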
@@ -1371,7 +1379,7 @@ index b26f5f1..f04343b 100644
for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
if (!hibernation_modes[i])
continue;
-@@ -923,6 +932,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -923,6 +933,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
char *p;
int mode = HIBERNATION_INVALID;
@@ -1382,16 +1390,26 @@ index b26f5f1..f04343b 100644
len = p ? p - buf : n;
diff --git a/kernel/power/main.c b/kernel/power/main.c
-index f458238..72580c1 100644
+index 1c16f91..8e3456d 100644
--- a/kernel/power/main.c
+++ b/kernel/power/main.c
-@@ -301,7 +301,9 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -15,6 +15,7 @@
+ #include <linux/workqueue.h>
+ #include <linux/debugfs.h>
+ #include <linux/seq_file.h>
++#include <linux/efi.h>
+
+ #include "power.h"
+
+@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
}
#endif
#ifdef CONFIG_HIBERNATION
- s += sprintf(s, "%s\n", "disk");
-+ if (capable(CAP_COMPROMISE_KERNEL)) {
++ if (!secure_boot_enabled) {
+ s += sprintf(s, "%s\n", "disk");
++ } else {
++ s += sprintf(s, "\n");
+ }
#else
if (s != buf)
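Review bot: The new `else` branch in state_show() appends a bare newline, while the `#else` path at the end of the hunk guards on `if (s != buf)` and presumably overwrites the last character instead. That suggests the earlier states are written with a trailing space. If so, with Secure Boot enabled the file would end in a space followed by the newline, or hold a lone newline when no state precedes it. Reusing the existing handling would keep the output identical to a kernel built without hibernation: `} else if (s != buf) {` followed by `*(s-1) = '\n';`. state_show() starts and ends outside the hunk.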
@@ -1411,7 +1429,7 @@ index 4ed81e7..b11a0f4 100644
if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
--
-1.8.0.1
+1.8.0.2
From 81adc779dba0f45f10b5ff307bd55832305f1112 Mon Sep 17 00:00:00 2001