projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2892e58) | patch
Add the ability to lock down access to the running kernel image
authorDavid Howells <dhowells@redhat.com>
Wed, 8 Nov 2017 15:11:31 +0000 (15:11 +0000)
committerBastian Blank <waldi@debian.org>
Mon, 13 Aug 2018 13:33:58 +0000 (14:33 +0100)
commit2d38f9d7ba867be1c43084811ec99b7a5abf22b8
tree4cc0c345c0407b1f1006a06728db1dd41f3a98fdtree | snapshot
parent2892e585175bd9903ab2969290ea3708b1646dc5commit | diff
Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
include/linux/kernel.h diff | blob | history
include/linux/security.h diff | blob | history
security/Kconfig diff | blob | history
security/Makefile diff | blob | history
security/lock_down.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.