Your message dated Fri, 09 Dec 2022 07:40:45 +0000 with message-id <[email protected]> and subject line Bug#1025417: fixed in linux 6.1~rc8-1~exp1 has caused the Debian Bug report #1025417, regarding linux: LOCK_DOWN_IN_EFI_SECURE_BOOT help claims confidentiality mode to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1025417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025417 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: linux Version: 5.10.149-2 Severity: trivial debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch modifies security/lockdown/Kconfig to add the LOCK_DOWN_IN_EFI_SECURE_BOOT option, whose help claims: > Enabling this option results in kernel lockdown being > triggered in confidentiality mode if EFI Secure Boot is > set. However, the lockdown is actually in integrity mode, rather than confidentiality mode: > #ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT > lock_kernel_down("EFI Secure Boot", > LOCKDOWN_INTEGRITY_MAX); > #endif The implementation was apparently changed for https://bugs.debian.org/956197 but the documentation was not updated at that time. https://salsa.debian.org/kernel-team/linux/-/commit/c2ea339ee4296658084804c0e678f03832ab2d79 -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-19-amd64 (SMP w/8 CPU threads) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: linux Source-Version: 6.1~rc8-1~exp1 Done: Salvatore Bonaccorso <[email protected]> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <[email protected]> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 09 Dec 2022 08:20:09 +0100 Source: linux Architecture: source Version: 6.1~rc8-1~exp1 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team <[email protected]> Changed-By: Salvatore Bonaccorso <[email protected]> Closes: 1025417 Changes: linux (6.1~rc8-1~exp1) experimental; urgency=medium . * New upstream release candidate. . [ Bastian Blank ] * Generate calls into rules.real for setup targets. * Simplify source rules generation. * Generate calls into rules.real for extra. * Remove remaining old targets in rules.real. . [ Salvatore Bonaccorso ] * lockdown: Correct mentioning of mode when LOCK_DOWN_IN_EFI_SECURE_BOOT is enabled (Closes: #1025417) Checksums-Sha1: 3a1102ef4f6f0fa1ff3fa20e9f616ee33db36515 270848 linux_6.1~rc8-1~exp1.dsc 3d6e48e58249f880b3feb5fc15ca9ac001bddc0e 137203148 linux_6.1~rc8.orig.tar.xz 9e63c2a67b9b3707d73d234c0e949e8e1afb9037 1392592 linux_6.1~rc8-1~exp1.debian.tar.xz 27b05c51594545804ebe7c3d7cf717712dc144a6 6720 linux_6.1~rc8-1~exp1_source.buildinfo Checksums-Sha256: 7420d92381c93baaeacb980b459dcbf6156116f091268cde75986952f65ff491 270848 linux_6.1~rc8-1~exp1.dsc 1d6175f2dd7a4d7dab60e7d5fba6d5a3fd50e83ecb021e535e00db486d674111 137203148 linux_6.1~rc8.orig.tar.xz 2ec091650cf952a3f5a25cdf1fddd4cfae284dfa568848307ae885089c408f22 1392592 linux_6.1~rc8-1~exp1.debian.tar.xz 560c6a733e0e851ae4a498caad4a63be685dbb3c37b1a3af13d98cac5ec4964c 6720 linux_6.1~rc8-1~exp1_source.buildinfo Files: 54e859e47e2dbf0df8269d49272eec03 270848 kernel optional linux_6.1~rc8-1~exp1.dsc 3b038a8e5efa34af856df79d5b0b0126 137203148 kernel optional linux_6.1~rc8.orig.tar.xz b9d5eaf1f8533b78e382f6cab13f9d59 1392592 kernel optional linux_6.1~rc8-1~exp1.debian.tar.xz 6896277d19710bc12f5a11f182c4be9e 6720 kernel optional linux_6.1~rc8-1~exp1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmOS4jJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EjBsQAJaFJYQCR+oZ8JF+HTxZS1V4P4lqpqde ld3LdGZOuCb++Xx93egS53EaTci6Ti7WEwBAICi+8LIaAhem2Spje4dA94ybYIyc qPGm7i//CW1b1FHxp09887yxBZAUENIOQIqRiY0ciNA2gecNVsly3eCrbW7PUAlD A+Dve0AeaEuHC0VSUz//eQYLzvuXdHufiiBuMVClRBKb8HUXZuzdykVduQh7Ku+D GwtgAWsr59sJqnnsnk9LmnBgOyv5fYywFeZNTYfNya6cRKB9/DRc1vJ72HxPuzt/ xRi5LNY1LayzMAI48r+V+fcJHg9TR7y6TeYWfRBsjEpF7Ry++32OjPv79elRA0N3 JC+zGccRNoU1oSjgqdwaPs+f7TttyLeeZoMXZjg/R9wQEBI/K6tM7Gm5J68zBoY7 +s0+T9U2630i2UXosS1vA9yP2XmB5UTgBuKJyP6kqCsb37xNPVPiA8vcwo4dRSdb P7usP/zIbxfolQsRnB5UMLOSeoPn/wkoAsNSHflmACDAC8Rz4Ab2qPn/S4tqWAgS 563WZ809Hhs+Y5qA58Sq54Cadwx3uDIOgsQttdJpL2UKATZyzHZ5RsB+VL/XYUOU 566QkSCrumxSvmmT7KdrNIQV2cXHjsGboUojnZPNF678WP+mwA6vbXcIT8qs2hBL sGT/3V5Pa8aw =v5q2 -----END PGP SIGNATURE-----
--- End Message ---
