projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 10b62f8) | patch
Add the ability to lock down access to the running kernel image
authorDavid Howells <dhowells@redhat.com>
Wed, 8 Nov 2017 15:11:31 +0000 (15:11 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Wed, 15 May 2019 22:07:16 +0000 (23:07 +0100)
commit9cb14cf8d8f8ec814918a6e61cc6db509fa07b96
tree85f80a92df662caba64e8b96b5bcd8ef74aff0e8tree | snapshot
parent10b62f85c38e3625aa3f8a1e022a64976a8b13accommit | diff
Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
include/linux/kernel.h diff | blob | history
include/linux/security.h diff | blob | history
security/Kconfig diff | blob | history
security/Makefile diff | blob | history
security/lock_down.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.