Bugzilla – Bug 1211813
Set ALP kernel to lockdown mode to align with SLE kernel
Last modified: 2023-07-13 06:24:31 UTC
The current ALP kernel is duplicated from the openSUSE Tumbleweed kernel, so it is not locked down when secure boot is enabled. Set the kernel to integrity lockdown mode to align with the SLE kernel. The Tumbleweed kernel will also be locked down after the local-built NVIDIA driver is supported with MOK on Tumbleweed.
Sent change to un-mark the following patches from series.conf for ALP kernel:

patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
(In reply to Joey Lee from comment #1)
> Sent change to un-mark the following patches from series.conf for ALP kernel:
>
> patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
> patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
> patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
> patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
> patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch

Lockdown patches are merged to ALP-current kernel branch. Set FIXED.
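
An added example, not part of this bug report or of SUSE's code: a shell check for the condition the bug describes (Secure Boot enabled while the kernel is not locked down). The function names are hypothetical, and the two default paths are the standard securityfs and efivarfs locations, assumed here rather than taken from the report.

```shell
#!/bin/sh
# Added example (not from the bug report): detect "Secure Boot on, lockdown off".
# Assumed default paths: standard securityfs and efivarfs locations.
LOCKDOWN_FILE=${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}
SB_VAR=${SB_VAR:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}

# Print the active lockdown mode, i.e. the bracketed word in a line such as
# "none [integrity] confidentiality"; print "unknown" if it cannot be read.
lockdown_mode() {
    [ -r "$1" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)].*/\1/p' "$1")
    echo "${mode:-unknown}"
}

# Print on/off/unknown. An efivarfs file holds 4 attribute bytes followed by
# the variable's value; SecureBoot is a single byte, 1 meaning enabled.
secure_boot_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    val=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$val" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Usage: check_alignment <lockdown file> <SecureBoot efivar file>
# Returns 0 if Secure Boot is off or lockdown is active,
#         1 if Secure Boot is on and lockdown is "none",
#         2 if either state cannot be determined.
check_alignment() {
    sb=$(secure_boot_state "$2")
    mode=$(lockdown_mode "$1")
    echo "secure_boot=$sb lockdown=$mode"
    if [ "$sb" = off ]; then return 0; fi
    if [ "$sb" = unknown ] || [ "$mode" = unknown ]; then return 2; fi
    if [ "$mode" = none ]; then return 1; fi
    return 0
}

# Report the state of the running system; never abort the caller.
check_alignment "$LOCKDOWN_FILE" "$SB_VAR" || true
```
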