Hi,
On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
> Hi
>
> Over six years ago, support for VFIO without IOMMU was enabled for
> arm64. This is a breach of the integrity lockdown requirement of secure
> boot.
>
> VFIO is a framework for handle devices in userspace. To make
>
On Wed, Dec 13, 2023 at 10:18:40PM +, Dimitri John Ledkov wrote:
> At the moment the best options are:
>
> - rotate online signing key
> - build new shim with old signing key in vendorx (revoked ESL)
> - build new kernels with old signing key built-in revoked keyring
>
> This is to ensure
Hereby I confirm that linux-image-6.1.0-16-amd64 (6.1.67-1) from
bookworm-proposed-updates fixed the problems for me.
Regards
Stephan
signature.asc
Description: This is a digitally signed message part
I can confirm that this issue is fixed in my Macbook Pro after upgrading to
6.1.67-1 from bookworm-proposed-updates.
---
$ apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 6.1.67-1
Candidate: 6.1.67-1
Version table:
*** 6.1.67-1 500
500
Hi Ben,
On Thu, Dec 14, 2023 at 09:16:48AM +, Ben Mesman | Spark Narrowcasting
wrote:
> The attached patch works on my systems. Is there a way to get this in?
> --- arch/x86/kernel/reboot.c.orig 2023-12-14 08:25:10.033382061 +0100
> +++ arch/x86/kernel/reboot.c 2023-12-14
The attached patch works on my systems. Is there a way to get this in?
--- arch/x86/kernel/reboot.c.orig 2023-12-14 08:25:10.033382061 +0100
+++ arch/x86/kernel/reboot.c 2023-12-14 08:31:10.394325941 +0100
@@ -469,6 +469,14 @@
DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq"),
},
},
+ { /* Handle
On 2023-12-09 09:49, Bill MacAllister wrote:
On 2023-12-08 15:59, Diederik de Haas wrote:
On Saturday, 9 December 2023 00:28:50 CET Jeffrey Altman wrote:
The bug is considered valid by upstream. A proposed fix for this
issue is
being reviewed.
Hey all,
On Wed, Dec 13, 2023 at 10:18:40PM +, Dimitri John Ledkov wrote:
>At the moment the best options are:
>
>- rotate online signing key
>- build new shim with old signing key in vendorx (revoked ESL)
>- build new kernels with old signing key built-in revoked keyring
>
>This is to ensure
On Thu, Dec 14, 2023 at 09:26:09AM +0100, Salvatore Bonaccorso wrote:
>Hi,
>
>On Wed, Dec 13, 2023 at 10:45:01PM +0100, Bastian Blank wrote:
>> Hi
>>
>> Over six years ago, support for VFIO without IOMMU was enabled for
>> arm64. This is a breach of the integrity lockdown requirement of secure
On Thu, Dec 14, 2023 at 03:09:51PM +, Steve McIntyre wrote:
> On Wed, Dec 13, 2023 at 10:18:40PM +, Dimitri John Ledkov wrote:
> >There is no sbat for kernels yet (and/or nobody has yet started to use sbat
> >for
> >kernels).
> It's a difficult thing to do, especially in light of
On Thu, Dec 14, 2023 at 09:31:11PM +0100, Bastian Blank wrote:
> On Thu, Dec 14, 2023 at 03:09:51PM +, Steve McIntyre wrote:
> > It's a difficult thing to do, especially in light of significant
> > pushback from upstream developers.
Okay, I finally managed to read most of that thread. And it
On 2023-12-14 01:54, Bill MacAllister wrote:
This took me longer that I wanted, but I have built kernels the
following
kernels with the patch:
linux-image-6.1.0-15-amd64-dbg_6.1.66-2~afs1_amd64.deb
linux-image-6.1.0-15-amd64-unsigned_6.1.66-2~afs1_amd64.deb
12 matches
Mail list logo
