integ/tools/kdump-tools/debian/deb_patches
Li Zhou e1b77cf7f0 kdump-tools: adapt check_secure_boot checking
The kdump-config uses files under /sys/firmware/efi/efivars to detect
secure boot status. But efivars isn't in use because
CONFIG_EFIVAR_FS is not set. We don't want to enable it because
when applying the preempt_rt patch to the Linux kernel,
EFI variables at runtime are disabled by default due to
high latencies
(https://www.spinics.net/lists/linux-rt-users/msg19980.html).

So change to use /sys/kernel/security/lockdown to detect secure
boot status because it is set to 'integrity' in the debian patch
[efi: Lock down the kernel if booted in secure boot mode] which is
in use by us.

Test Plan:
 PASS: Run "sudo kdump-config reload" on target successfully.
 PASS: Can generate vmcore files in /var/log/crash after kernel panic.
 PASS: Above tests are done with both secure boot enabled and disabled.

Story: 2009221
Task: 46644

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I4c305ef49af6da84a7558d1fce6bbb19b8569401
2022-10-25 22:27:02 -04:00
..
0001-kdump-tools-add-vmlinuz-and-initrd.img-soft-link.patch Debian: add kdump-tools package. 2022-06-17 12:21:53 -04:00
0002-kdump-tools-adapt-check_secure_boot-checking.patch kdump-tools: adapt check_secure_boot checking 2022-10-25 22:27:02 -04:00
series kdump-tools: adapt check_secure_boot checking 2022-10-25 22:27:02 -04:00