projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85dbdd3) | patch
Add the ability to lock down access to the running kernel image
authorDavid Howells <dhowells@redhat.com>
Mon, 18 Feb 2019 12:44:57 +0000 (12:44 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Sat, 7 Dec 2019 12:24:06 +0000 (12:24 +0000)
commit076073d8453f200b11292d777e2ccd18b6430068
tree2d8df78ba13e718ada3908c56d209f9de9743815tree | snapshot
parent85dbdd3976e23df481c37a04729dcd19876e4007commit | diff
Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
include/linux/kernel.h diff | blob | history
include/linux/security.h diff | blob | history
security/Kconfig diff | blob | history
security/Makefile diff | blob | history
security/lock_down.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.