group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #08806
[Bug 1593075] Re: linux: Implement secure boot state variables
This bug was fixed in the package linux - 3.13.0-101.148
---------------
linux (3.13.0-101.148) trusty; urgency=low
[ Seth Forshee ]
* Release Tracking Bug
- LP: #1635430
* [arm64] nova instances can't boot with 3.13.0-92 (LP: #1608854)
- Revert "efi: Disable interrupts around EFI calls, not in the epilog/prolog
calls"
- Revert "x86/efi: Use all 64 bit of efi_memmap in setup_e820()"
- Revert "x86/efi: Store upper bits of command line buffer address in
ext_cmd_line_ptr"
- Revert "efivarfs: Ensure VariableName is NUL-terminated"
- Revert "efi/libstub: Fix boundary checking in efi_high_alloc()"
- Revert "arm64: efi: only attempt efi map setup if booting via EFI"
- Revert "UBUNTU: arm64: Implement efi_enabled()"
- Revert "efi/arm64: ignore dtb= when UEFI SecureBoot is enabled"
- Revert "doc: arm64: add description of EFI stub support"
- Revert "UBUNTU: Move get_dram_base to arm private file"
- Revert "arm64: efi: add EFI stub"
- Revert "arm64: add EFI runtime services"
- Revert "efi: Add shared FDT related functions for ARM/ARM64"
- Revert "efi: add helper function to get UEFI params from FDT"
- Revert "doc: efi-stub.txt updates for ARM"
- Revert "efi: Add get_dram_base() helper function"
- Revert "efi: create memory map iteration helper"
- Revert "x86, ia64: Move EFI_FB vga_default_device() initialization to
pci_vga_fixup()"
- Revert "firmware: Do not use WARN_ON(!spin_is_locked())"
- Revert "efi-pstore: Fix an overflow on 32-bit builds"
- Revert "x86/efi: Fix 32-bit fallout"
- Revert "x86/efi: Check krealloc return value"
- Revert "x86/efi: Runtime services virtual mapping"
- Revert "x86/efi: Fix off-by-one bug in EFI Boot Services reservation"
- x86/efi: Simplify EFI_DEBUG
- x86/efi: Runtime services virtual mapping
- x86/efi: Check krealloc return value
- SAUCE: Merge tag 'efi-next' of
git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/efi
- doc: Fix trivial spelling mistake in efi-stub.txt
- x86/efi: Remove unused variables in __map_region()
- x86/efi: Add a wrapper function efi_map_region_fixed()
- x86/efi: Fix off-by-one bug in EFI Boot Services reservation
- x86/efi: Cleanup efi_enter_virtual_mode() function
- efi: Export more EFI table variables to sysfs
- [Config] CONFIG_EFI_RUNTIME_MAP=y
- efi: Export EFI runtime memory mapping to sysfs
- x86/efi: Pass necessary EFI data for kexec via setup_data
- x86/efi: Delete superfluous global variables
- x86/efi: parse_efi_setup() build fix
- SAUCE: Merge tag 'v3.13-rc7' into x86/efi-kexec to resolve conflicts
- x86/efi: Allow mapping BGRT on x86-32
- x86/efi: Fix 32-bit fallout
- x86/efi: Check status field to validate BGRT header
- x86/efi: Quirk out SGI UV
- v3.14 - Bacported EFI up to v3.14
- efi: Move facility flags to struct efi
- efi: Set feature flags inside feature init functions
- efivarfs: 'efivarfs_file_write' function reorganization
- x86/efi: Delete out-of-date comments of efi_query_variable_store
- x86/efi: Style neatening
- x86/efi: Dump the EFI page table
- x86, pageattr: Export page unmapping interface
- x86/efi: Make efi virtual runtime map passing more robust
- x86/efi: Split efi_enter_virtual_mode
- ia64/efi: Implement efi_enabled()
- efi: Use NULL instead of 0 for pointer
- x86, tools: Consolidate #ifdef code
- x86/efi: Delete dead code when checking for non-native
- efi: Add separate 32-bit/64-bit definitions
- x86/efi: Build our own EFI services pointer table
- x86/efi: Add early thunk code to go from 64-bit to 32-bit
- x86/efi: Firmware agnostic handover entry points
- [Config] CONFIG_EFI_MIXED=y
- x86/efi: Wire up CONFIG_EFI_MIXED
- x86/efi: Re-disable interrupts after calling firmware services
- SAUCE: Merge remote-tracking branch 'tip/x86/efi-mixed' into efi-for-mingo
- x86, tools: Fix up compiler warnings
- x86/efi: Preserve segment registers in mixed mode
- x86/efi: Rip out phys_efi_get_time()
- x86/efi: Restore 'attr' argument to query_variable_info()
- SAUCE: merge with v3.15
- fs/efivarfs/super.c: use static const for dentry_operations
- SAUCE: merge with v3.16
- efi: efi-stub-helper cleanup
- efi: create memory map iteration helper
- efi: Add shared printk wrapper for consistent prefixing
- efi: Add get_dram_base() helper function
- efi: x86: Handle arbitrary Unicode characters
- x86/efi: Delete most of the efi_call* macros
- x86/efi: Implement a __efi_call_virt macro
- x86/efi: Save and restore FPU context around efi_calls (x86_64)
- x86/efi: Save and restore FPU context around efi_calls (i386)
- efivars: Use local variables instead of a pointer dereference
- efivars: Check size of user object
- efivars: Stop passing a struct argument to efivar_validate()
- efivars: Refactor sanity checking code into separate function
- efivars: Add compatibility code for compat tasks
- doc: efi-stub.txt updates for ARM
- efi: add helper function to get UEFI params from FDT
- efi: Add shared FDT related functions for ARM/ARM64
- [Config] CONFIG_LIBFDT=y
- arm64: add EFI runtime services
- arm64: efi: add EFI stub
- doc: arm64: add description of EFI stub support
- efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
- arm64: efi: only attempt efi map setup if booting via EFI
- efi-pstore: Fix an overflow on 32-bit builds
- firmware: Do not use WARN_ON(!spin_is_locked())
- x86, ia64: Move EFI_FB vga_default_device() initialization to
pci_vga_fixup()
- efivarfs: Ensure VariableName is NUL-terminated
- x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr
- x86/efi: Use all 64 bit of efi_memmap in setup_e820()
- efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
- x86/efi: Fix boot failure with EFI stub
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
instead of top-down
- efi/libstub: Fix boundary checking in efi_high_alloc()
- efi: Fix compiler warnings (unused, const, type)
- efi: fdt: Do not report an error during boot if UEFI is not available
- efi: Make our variable validation list include the guid
- lib/ucs2_string: Add ucs2 -> utf8 helper functions
- efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
- efi/reboot: Add generic wrapper around EfiResetSystem()
- efi/arm64: efistub: remove local copy of linux_banner
- x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
- efi/reboot: Allow powering off machines using EFI
- efi: Fix error handling in add_sysfs_runtime_map_entry()
- efi: Small leak on error in runtime map code
- arm64/efi: map the entire UEFI vendor string before reading it
- arm64/efi: add missing call to early_ioremap_reset()
- efi/arm64: Store Runtime Services revision
- SAUCE: UEFI: Add secure_modules() call
- SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
- SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
- SAUCE: UEFI: ACPI: Limit access to custom_method
- SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
restricted
- SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
restricted
- SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
restricted
- SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
restrictions
- SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
- [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
- SAUCE: UEFI: Add option to automatically enforce module signatures when in
Secure Boot mode
- SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
- SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
- SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
- SAUCE: UEFI: Display MOKSBState when disabled
- SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
- SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
- Revert "x86/efi: Save and restore FPU context around efi_calls (x86_64)"
- [Config] CONFIG_RTC_DRV_EFI=y
* proc_keys_show crash when reading /proc/keys (LP: #1634496)
- KEYS: ensure xbuf is large enough to fix buffer overflow in proc_keys_show
(LP: #1634496)
* [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
__copy_tofrom_user (LP: #1632462)
- SAUCE: (no-up) powerpc/64: Fix incorrect return value from
__copy_tofrom_user
* Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
memory_stress_ng. (LP: #1628976)
- SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code
* sha1-powerpc returning wrong results (LP: #1629977)
- crypto: sha1-powerpc - little-endian support
* linux: Implement secure boot state variables (LP: #1593075)
- SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
- SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
* linux: MokSBState is ignored (LP: #1571691)
- SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
- SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
- SAUCE: UEFI: Display MOKSBState when disabled
* linux: Enforce signed module loading when UEFI secure boot (LP: #1566221)
- SAUCE: UEFI: Add secure_modules() call
- SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
- SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
- SAUCE: UEFI: ACPI: Limit access to custom_method
- SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is
restricted
- SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is
restricted
- SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is
restricted
- SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading
restrictions
- SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
- SAUCE: UEFI: Add option to automatically enforce module signatures when in
Secure Boot mode
- SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
- SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
- SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
- SAUCE: UEFI: Display MOKSBState when disabled
* Utopic update to 3.16.7-ckt5 stable release (LP: #1419125)
- arm64/efi: add missing call to early_ioremap_reset()
* Trusty update to 3.16.7-ckt17 stable release (LP: #1500484)
- arm64/efi: map the entire UEFI vendor string before reading it
* Utopic update to 3.16.7-ckt8 stable release (LP: #1434595)
- efi: Small leak on error in runtime map code
* Utopic update to 3.16.7-ckt12 stable release (LP: #1465613)
- efi/reboot: Add generic wrapper around EfiResetSystem()
- x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
- efi/reboot: Allow powering off machines using EFI
- efi: Fix error handling in add_sysfs_runtime_map_entry()
* Trusty update to 3.16.7-ckt26 stable release (LP: #1563345)
- efi: Make our variable validation list include the guid
- lib/ucs2_string: Add ucs2 -> utf8 helper functions
- efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
* Utopic update to 3.16.7-ckt9 stable release (LP: #1441317)
- efi/libstub: Fix boundary checking in efi_high_alloc()
* Trusty update to 3.16.7-ckt19 stable release (LP: #1514911)
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime,
instead of top-down
* Boot failure with EFI stub (LP: #1603476)
- x86/efi: Fix boot failure with EFI stub
* Trusty update to v3.13.11-ckt33 stable release (LP: #1538756)
- efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
* Trusty update to 3.13.11-ckt26 stable release (LP: #1493305)
- x86/efi: Use all 64 bit of efi_memmap in setup_e820()
* Trusty update to v3.13.11.9 stable release (LP: #1381234)
- x86, ia64: Move EFI_FB vga_default_device() initialization to
pci_vga_fixup()
* CVE-2015-7833
- usbvision: revert commit 588afcc1
* CVE-2014-9904
- ALSA: compress: fix an integer overflow check
* CVE-2015-3288
- mm: avoid setting up anonymous pages into file mapping
* CVE-2016-3961 (LP: #1571020)
- mm: hugetlb: allow hugepages_supported to be architecture specific
- s390/hugetlb: add hugepages_supported define
- x86/mm/xen: Suppress hugetlbfs in PV guests
-- Seth Forshee <seth.forshee@xxxxxxxxxxxxx> Thu, 20 Oct 2016 16:50:48
-0500
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9904
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3288
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7833
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3961
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1593075
Title:
linux: Implement secure boot state variables
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
User space needs a way to determine the state of secure boot and
MOKSBState.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1593075/+subscriptions
References