Re: [PATCH 01/27] Add the ability to lock down access to the running kernel image

Based on Andy's feedback, I'm going to rework this slightly and re-send tomorrow.

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

[PATCH 01/27] Add the ability to lock down access to the running kernel image

From: David Howells Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise,

Re: [PATCH 01/27] Add the ability to lock down access to the running kernel image

On Thu, 19 Oct 2017, David Howells wrote: > Provide a single call to allow kernel code to determine whether the system > should be locked down, thereby disallowing various accesses that might > allow the running kernel image to be changed including the loading of > modules that aren't validly

Re: [PATCH 01/27] Add the ability to lock down access to the running kernel image

On Thu, 19 Oct 2017, David Howells wrote: > Provide a single call to allow kernel code to determine whether the system > should be locked down, thereby disallowing various accesses that might > allow the running kernel image to be changed including the loading of > modules that aren't validly

[PATCH 01/27] Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 01/27] Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR