
Bug#1025417: marked as done (linux: LOCK_DOWN_IN_EFI_SECURE_BOOT help claims confidentiality mode)



Your message dated Fri, 09 Dec 2022 07:40:45 +0000
with message-id <E1p3Xzx-00AFOO-LC@fasolo.debian.org>
and subject line Bug#1025417: fixed in linux 6.1~rc8-1~exp1
has caused the Debian Bug report #1025417,
regarding linux: LOCK_DOWN_IN_EFI_SECURE_BOOT help claims confidentiality mode
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1025417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025417
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: linux
Version: 5.10.149-2
Severity: trivial

debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
modifies security/lockdown/Kconfig to add the
LOCK_DOWN_IN_EFI_SECURE_BOOT option, whose help claims:

> Enabling this option results in kernel lockdown being
> triggered in confidentiality mode if EFI Secure Boot is
> set.

However, the lockdown is actually in integrity mode, rather than
confidentiality mode:

> #ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
>                        lock_kernel_down("EFI Secure Boot",
>                                         LOCKDOWN_INTEGRITY_MAX);
> #endif

The implementation was apparently changed for
https://bugs.debian.org/956197 but the documentation
was not updated at that time.

https://salsa.debian.org/kernel-team/linux/-/commit/c2ea339ee4296658084804c0e678f03832ab2d79

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
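
To confirm on a running system which lockdown mode is actually in effect, rather than relying on the Kconfig help text, the kernel's own interfaces can be read. The script below is an added example, not part of the bug report or the Debian packaging; the function names are illustrative, and it assumes the standard securityfs file `/sys/kernel/security/lockdown` and the efivarfs `SecureBoot` variable.

```shell
#!/bin/sh
# Added example, not part of the bug report. File paths are parameters so
# the functions can be exercised against constructed sample files.
LOCKDOWN_FILE=/sys/kernel/security/lockdown
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the active lockdown mode: the bracketed word in a line such as
# "none [integrity] confidentiality". Fails if the file is unreadable
# (lockdown LSM absent) or nothing is bracketed.
active_lockdown_mode() {
    file=${1:-$LOCKDOWN_FILE}
    [ -r "$file" ] || return 1
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$file" | head -n 1)
    [ -n "$mode" ] || return 1
    printf '%s\n' "$mode"
}

# Print 1 (enabled) or 0 (disabled) from the SecureBoot EFI variable.
# efivarfs puts a 4-byte attribute word first, so the state is byte 5.
secure_boot_state() {
    var=${1:-$SB_VAR}
    [ -r "$var" ] || return 1
    state=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    [ -n "$state" ] || return 1
    printf '%s\n' "$state"
}

# Assumption: the kernel was built with LOCK_DOWN_IN_EFI_SECURE_BOOT, so
# Secure Boot should leave lockdown at integrity or stricter.
lockdown_matches_secure_boot() {
    sb=$(secure_boot_state "${2:-$SB_VAR}") || sb=unknown
    lm=$(active_lockdown_mode "${1:-$LOCKDOWN_FILE}") || lm=unavailable
    printf 'secure_boot=%s lockdown=%s\n' "$sb" "$lm"
    [ "$sb" = 1 ] || return 0            # nothing to compare against
    case $lm in
        integrity|confidentiality) return 0 ;;
        *) return 1 ;;                   # Secure Boot on, kernel not locked down
    esac
}

lockdown_matches_secure_boot ||
    echo "Secure Boot is on but lockdown is not active" >&2
```

On a kernel carrying the patch discussed above and booted with Secure Boot enabled, the expected report is `secure_boot=1 lockdown=integrity`.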
--- Begin Message ---
Source: linux
Source-Version: 6.1~rc8-1~exp1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025417@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Dec 2022 08:20:09 +0100
Source: linux
Architecture: source
Version: 6.1~rc8-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1025417
Changes:
 linux (6.1~rc8-1~exp1) experimental; urgency=medium
 .
   * New upstream release candidate.
 .
   [ Bastian Blank ]
   * Generate calls into rules.real for setup targets.
   * Simplify source rules generation.
   * Generate calls into rules.real for extra.
   * Remove remaining old targets in rules.real.
 .
   [ Salvatore Bonaccorso ]
   * lockdown: Correct mentioning of mode when LOCK_DOWN_IN_EFI_SECURE_BOOT is
     enabled (Closes: #1025417)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
