From 04bba1b1c949c1186ba8bd09ed9ac3429f2e31ac Mon Sep 17 00:00:00 2001
From: Geoff Levand <geoff@infradead.org>
Date: Fri, 27 Jan 2017 15:27:08 -0800
Subject: [PATCH] coreos-sources: Add arm64 verity hash

Signed-off-by: Geoff Levand <geoff@infradead.org>
---
 .../coreos-sources-4.8.17.ebuild              |  1 +
 .../z0022-Add-arm64-coreos-verity-hash.patch  | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0022-Add-arm64-coreos-verity-hash.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.17.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.17.ebuild
index 1875665f3f..83dfc27ac0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.17.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.8.17.ebuild
@@ -43,4 +43,5 @@ UNIPATCH_LIST="
         ${PATCH_DIR}/z0019-efi-Add-EFI_SECURE_BOOT-bit.patch \
         ${PATCH_DIR}/z0020-hibernate-Disable-in-a-signed-modules-environment.patch \
         ${PATCH_DIR}/z0021-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
+        ${PATCH_DIR}/z0022-Add-arm64-coreos-verity-hash.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0022-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0022-Add-arm64-coreos-verity-hash.patch
new file mode 100644
index 0000000000..c6dbdf18c0
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.8/z0022-Add-arm64-coreos-verity-hash.patch
@@ -0,0 +1,29 @@
+From 4c66942f5f1ce010fbe028256940ea9d50eb069e Mon Sep 17 00:00:00 2001
+From: Geoff Levand <geoff@infradead.org>
+Date: Fri, 11 Nov 2016 17:28:52 -0800
+Subject: [PATCH] Add arm64 coreos verity hash
+
+Signed-off-by: Geoff Levand <geoff@infradead.org>
+---
+ arch/arm64/kernel/head.S | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
+index 332e331..964bae1 100644
+--- a/arch/arm64/kernel/head.S
++++ b/arch/arm64/kernel/head.S
+@@ -195,6 +195,11 @@ section_table:
+ 	.short	0		// NumberOfLineNumbers  (0 for executables)
+ 	.long	0xe0500020	// Characteristics (section flags)
+ 
++	/* CoreOS 64 byte verity hash value. */
++	.org	_head + 512
++	.ascii	"verity-hash"
++	.org	_head + 512 + 64
++
+ 	/*
+ 	 * EFI will load .text onwards at the 4k section alignment
+ 	 * described in the PE/COFF header. To ensure that instruction
+-- 
+2.7.4
+