Message ID | 20201201205052.2627748-2-cascardo@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Bionic] UBUNTU: [Config]: Set CONFIG_PPC_RTAS_FILTER | expand |
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 9d75dd744c4c..52fa132d2063 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -159,6 +159,9 @@ CONFIG_ISA policy<{'i386': 'y'}> # Menu: Bus options (PCI etc.) >> Architecture: powerpc CONFIG_FSL_LBC policy<{'ppc64el': 'y'}> +CONFIG_PPC_RTAS_FILTER policy<{'ppc64el': 'y'}> +# +CONFIG_PPC_RTAS_FILTER mark<ENFORCED> note<CVE-2020-27777> # Menu: Bus options (PCI etc.) >> Architecture: s390 CONFIG_QDIO policy<{'s390x': 'm'}>
RTAS may be used to read arbritary memory, which we do not want to allow when Secure Boot is used. It is restricted to only some allowed operations, which are the ones that are used by distributed tools. CVE-2020-27777 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> --- debian.master/config/annotations | 3 +++ 1 file changed, 3 insertions(+)