linux/Documentation/security
Linus Torvalds bf2431021c EFI updates for v5.19
- Allow runtime services to be re-enabled at boot on RT kernels.
 - Provide access to secrets injected into the boot image by CoCo
   hypervisors (COnfidential COmputing)
 - Use DXE services on x86 to make the boot image executable after
   relocation, if needed.
 - Prefer mirrored memory for randomized allocations.
 - Only randomize the placement of the kernel image on arm64 if the
   loader has not already done so.
 - Add support for obtaining the boot hartid from EFI on RISC-V.
 -----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEE+9lifEBpyUIVN1cpw08iOZLZjyQFAmKHRF4ACgkQw08iOZLZ
 jyTAlQv9GSctgp3ItPEG7/dF90f2u/ezaqiyLt1ug3cnOrzZL6cbaQPJt/XtxeMY
 XA4eO8aNrMyioClKu2+KEqQgIiNc30HgwOWMxfZpWBWLVlrx5PhvTbwJB6Wfb8r3
 WFze5lc6X2Yttp3jxUU9jLUTPVTJx8SjyhGwBXbzN63aiGv8+bGjD5e4pPg1axP/
 HvUwVpRzK5uU0ju1IM7BPvIjjAOiciwC+KbLjj8Hm++LIbwju7QHlJWy9oMKD1X5
 yuZsIan2dTM+4OclTji7HlSg6c4IFlhMj7GHGJD62aWNyM0/tZokOCIVY1wITXyS
 KRsxag4gjtkVBRNvAHsRsYe3aZ+jQ5DzhGEGTipNGnj3b8FOecuWFSn5a/aMdNkV
 kMSOAbdjZu8xGllroFWS199BamCb6SHijnbv8EzeWNgJXofwxn8vumdgxXZuHIe9
 md1gP2QIuo3/R15zcgy54buB11JD4PeDV7NuovuTQUzFuvsIyIKbEkLMBwEl3j4N
 TIlijEyI
 =xqxQ
 -----END PGP SIGNATURE-----

Merge tag 'efi-next-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Pull EFI updates from Ard Biesheuvel:

 - Allow runtime services to be re-enabled at boot on RT kernels.

 - Provide access to secrets injected into the boot image by CoCo
   hypervisors (COnfidential COmputing)

 - Use DXE services on x86 to make the boot image executable after
   relocation, if needed.

 - Prefer mirrored memory for randomized allocations.

 - Only randomize the placement of the kernel image on arm64 if the
   loader has not already done so.

 - Add support for obtaining the boot hartid from EFI on RISC-V.

* tag 'efi-next-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  riscv/efi_stub: Add support for RISCV_EFI_BOOT_PROTOCOL
  efi: stub: prefer mirrored memory for randomized allocations
  efi/arm64: libstub: run image in place if randomized by the loader
  efi: libstub: pass image handle to handle_kernel_image()
  efi: x86: Set the NX-compatibility flag in the PE header
  efi: libstub: ensure allocated memory to be executable
  efi: libstub: declare DXE services table
  efi: Add missing prototype for efi_capsule_setup_info
  docs: security: Add secrets/coco documentation
  efi: Register efi_secret platform device if EFI secret area is declared
  virt: Add efi_secret module to expose confidential computing secrets
  efi: Save location of EFI confidential computing area
  efi: Allow to enable EFI runtime services by default on RT
2022-05-23 11:27:24 -07:00
..
keys KEYS: encrypted: Instantiate key with user-provided decrypted data 2022-02-21 19:47:45 -05:00
secrets docs: security: Add secrets/coco documentation 2022-04-13 19:11:20 +02:00
tpm Documentation: drop optional BOMs 2021-05-10 15:17:34 -06:00
credentials.rst Documentation: remove current_security() reference 2020-09-09 11:33:59 -06:00
digsig.rst docs: move digsig docs to the security book 2020-05-15 12:03:48 -06:00
IMA-templates.rst doc: Fix warning in Documentation/security/IMA-templates.rst 2021-06-08 16:29:10 -04:00
index.rst docs: security: Add secrets/coco documentation 2022-04-13 19:11:20 +02:00
landlock.rst docs: security: landlock.rst: avoid using ReST :doc:foo markup 2021-06-17 13:24:39 -06:00
lsm-development.rst Documentation: Replace lkml.org links with lore 2021-01-11 12:47:38 -07:00
lsm.rst Documentation: LSM: Correct the basic LSM description 2020-05-25 18:59:59 -06:00
sak.rst docs: security: move some books to it and update 2019-07-15 11:03:01 -03:00
SCTP.rst docs: fix 'make htmldocs' warning in SCTP.rst 2022-02-28 11:09:10 -05:00
self-protection.rst docs: update self-protection __ro_after_init status 2021-12-10 14:02:06 -07:00
siphash.rst Documentation: siphash: disambiguate HalfSipHash algorithm from hsiphash functions 2022-04-25 17:26:40 +02:00