mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
724b03ee96
- Add support for emitting a .sbat section into the EFI zboot image, so
that downstreams can easily include revocation metadata in the signed
EFI images
- Align PE symbolic constant names with other projects
- Bug fix for the efi_test module
- Log the physical address and size of the EFI memory map when failing
to map it
- A kerneldoc fix for the EFI stub code
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQQm/3uucuRGn1Dmh0wbglWLn0tXAUCaDHdgwAKCRAwbglWLn0t
XBqgAQDXm8RQQfY4E1ibSVn0zQKwdIM57uU+7vp+HMCJ88oNhwEAkndCq0rMv9qp
aVOR/HWUzAZRUonPyftXiwXImze3lgY=
=sj5+
-----END PGP SIGNATURE-----
Merge tag 'efi-next-for-v6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
Pull EFI updates from Ard Biesheuvel:
"Not a lot going on in the EFI tree this cycle. The only thing that
stands out is the new support for SBAT metadata, which was a bit
contentious when it was first proposed, because in the initial
incarnation, it would have required us to maintain a revocation index,
and bump it each time a vulnerability affecting UEFI secure boot got
fixed. This was shot down for obvious reasons.
This time, only the changes needed to emit the SBAT section into the
PE/COFF image are being carried upstream, and it is up to the distros
to decide what to put in there when creating and signing the build.
This only has the EFI zboot bits (which the distros will be using for
arm64); the x86 bzImage changes should be arriving next cycle,
presumably via the -tip tree.
Summary:
- Add support for emitting a .sbat section into the EFI zboot image,
so that downstreams can easily include revocation metadata in the
signed EFI images
- Align PE symbolic constant names with other projects
- Bug fix for the efi_test module
- Log the physical address and size of the EFI memory map when
failing to map it
- A kerneldoc fix for the EFI stub code"
* tag 'efi-next-for-v6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
include: pe.h: Fix PE definitions
efi/efi_test: Fix missing pending status update in getwakeuptime
efi: zboot specific mechanism for embedding SBAT section
efi/libstub: Describe missing 'out' parameter in efi_load_initrd
efi: Improve logging around memmap init
|
||
|---|---|---|
| .. | ||
| asymmetric_keys.h | ||
| asymmetric_type.c | ||
| Kconfig | ||
| Makefile | ||
| mscode.asn1 | ||
| mscode_parser.c | ||
| pkcs7.asn1 | ||
| pkcs7_key_type.c | ||
| pkcs7_parser.c | ||
| pkcs7_parser.h | ||
| pkcs7_trust.c | ||
| pkcs7_verify.c | ||
| pkcs8.asn1 | ||
| pkcs8_parser.c | ||
| public_key.c | ||
| restrict.c | ||
| selftest.c | ||
| selftest.h | ||
| selftest_ecdsa.c | ||
| selftest_rsa.c | ||
| signature.c | ||
| verify_pefile.c | ||
| verify_pefile.h | ||
| x509.asn1 | ||
| x509_akid.asn1 | ||
| x509_cert_parser.c | ||
| x509_loader.c | ||
| x509_parser.h | ||
| x509_public_key.c | ||