projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1bf4816) | patch
Add the ability to lock down access to the running kernel image
authorDavid Howells <dhowells@redhat.com>
Wed, 5 Apr 2017 16:40:29 +0000 (17:40 +0100)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 16 Nov 2017 21:04:10 +0000 (21:04 +0000)
commite925d892f4a883d4d8c7ccdceebd94687739d41a
tree0482ffac4875665ce1d9f37592a810567efa198ftree | snapshot
parent1bf48162a4b26f8c6daf23a4d8c40e281de1bb11commit | diff
Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch
include/linux/kernel.h diff | blob | history
include/linux/security.h diff | blob | history
security/Kconfig diff | blob | history
security/Makefile diff | blob | history
security/lock_down.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.