projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 35ecc52) | patch
efi: Lock down the kernel if booted in secure boot mode
authorDavid Howells <dhowells@redhat.com>
Tue, 27 Feb 2018 10:04:55 +0000 (10:04 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Wed, 21 Aug 2019 12:48:11 +0000 (13:48 +0100)
commit9d8d4293c4c9ee8407eb09364de445ccbbc25892
tree77b6caa33eafddf946fcf789a3e2f5ef7e81fcdbtree | snapshot
parent35ecc5276434ae52d0e4b97d4de16d0cee00aa70commit | diff
efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels.  Certain use cases may also
require that all kernel modules also be signed.  Add a configuration option
that to lock down the kernel - which includes requiring validly signed
modules - if the kernel is secure-booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
arch/x86/kernel/setup.c diff | blob | history
fs/debugfs/inode.c diff | blob | history
security/Kconfig diff | blob | history
security/lock_down.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.