that it can be disabled.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
---
arch/x86/kernel/setup.c |1 +
include/linux/efi.h |1 +
2 files changed, 2 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 4bf0c8926a1c..396285bddb93 100644
--- a
h
MSR registers and disallowing hibernation,
Signed-off-by: David Howells
---
include/linux/kernel.h |9 +
include/linux/security.h | 11 +++
security/Kconfig | 15 +++
security/Makefile|3 +++
security/lock_down.c |
From: Matthew Garrett
Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions. Prevent this when the
kernel has been locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
drivers/char/mem.c
.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
kernel/kexec.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 980936a90ee6..46de8e6b42f4 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -194,6 +194,13 @@ SYSCALL_DEFINE4
secure_boot flag in original
kernel.
secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub. Fixing this issue by copying secure_boot flag across kexec reboot.
Signed-off-by: Dave Young
Signed-off-by: David Howells
---
arch/x86/kernel/kexec-bzimage64.c |1 +
1
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
Signed-off-by: David Howells
---
kernel/module.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 7eba6dea4f41..3331f2eb9b93 100644
From: Kyle McMartin
Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
kernel image to be modified. This lifts the lockdown.
Signed-off-by: Kyle McMartin
Signed-off-by: David Howells
---
arch/x86/Kconfig| 10 ++
arch/x86/kernel/setup.c
- if the kernel is secure-booted.
Signed-off-by: David Howells
---
arch/x86/Kconfig| 12
arch/x86/kernel/setup.c |8 +++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index cc98d5a294ee..21f39855661d 100644
ent on the hwparam branch, which I posted separately.
David
---
Dave Young (1):
Copy secure_boot flag in boot params across kexec reboot
David Howells (7):
Add the ability to lock down access to the running kernel image
efi: Lock down the kernel if booted in secure boot mode
ent on the hwparam branch, which I posted separately.
David
---
Chun-Yi Lee (1):
kexec_file: Disable at runtime if securelevel has been set
Dave Young (1):
Copy secure_boot flag in boot params across kexec reboot
David Howells (7):
Add the ability to lock down access to the runn
igned-off-by: David Howells
---
kernel/kexec_file.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..f6937eecd1eb 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -268,6 +268,12 @@ SYSCALL_DEFINE5(kexec_file_load
From: Josh Boyer
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Ignore the option when the kernel is locked down.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
From: Matthew Garrett
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if the kernel is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
drivers/acpi
unauthenticated privileged code,
the effect of these errors may persist across reboots and affect trust in
the underlying hardware, so disable error injection through EINJ if
the kernel is locked down.
Signed-off-by: Linn Crosetto
Signed-off-by: David Howells
---
drivers/acpi/apei/einj.c |3 +++
1
uld disallow any unauthenticated
changes to kernel space. ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.
Signed-off-by: Linn Crosetto
Signed-off-by: David Howells
---
drivers/acpi/tables.c |5 +
1 file changed
From: Matthew Garrett
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if the kernel
is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
kernel/power/user.c |3 +++
1 file
tions. Prevent that if the
kernel is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
drivers/platform/x86/asus-wmi.c |9 +
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index 8fe5890bf539..feef250
From: Matthew Garrett
Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode. Based on a
patch by Kees Cook.
Cc: Kees Cook
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
arch/x86/kernel/msr.c
this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
drivers/pci/pci-sysfs.c |9 +
drivers/pci/proc.c |8 +++-
drivers/pci/syscall.c |2 +-
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a
down the KDADDIO, KDDELIO, KDENABIO and
KDDISABIO console ioctls.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
---
arch/x86/kernel/ioport.c |4 ++--
drivers/char/mem.c |2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/ioport.c b/arch
: David Howells
---
kernel/power/hibernate.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a8b978c35a6a..50cca5dcb62f 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -70,7 +70,7 @@ static const
Let me try sending this again again. Lee, Chun-Yi as a name causes the mail
dispatcher to break :-/
David
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.htm
xec reboot
David Howells (7):
Add the ability to lock down access to the running kernel image
efi: Lock down the kernel if booted in secure boot mode
Enforce module signatures if the kernel is locked down
scsi: Lock down the eata driver
Prohibit PCMCIA CIS storage when the
that it can be disabled.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
arch/x86/kernel/setup.c |1 +
include/linux/efi.h |1 +
2 files changed, 2 insertions(+)
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index
From: Kyle McMartin
Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
kernel image to be modified. This lifts the lockdown.
Signed-off-by: Kyle McMartin
Signed-off-by: David Howells
cc: x...@kernel.org
---
arch/x86/Kconfig| 10 ++
arch/x86
- if the kernel is secure-booted.
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
arch/x86/Kconfig| 12
arch/x86/kernel/setup.c |8 +++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index
.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: ke...@lists.infradead.org
---
kernel/kexec.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 980936a90ee6..46de8e6b42f4 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -194,6
down the KDADDIO, KDDELIO, KDENABIO and
KDDISABIO console ioctls.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: x...@kernel.org
---
arch/x86/kernel/ioport.c |4 ++--
drivers/char/mem.c |2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86
: David Howells
cc: linux...@vger.kernel.org
---
kernel/power/hibernate.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a8b978c35a6a..50cca5dcb62f 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
-Hartman
Signed-off-by: David Howells
cc: Jiri Slaby
---
drivers/tty/serial/serial_core.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 3fe56894974a..4181b0004de9 100644
--- a/drivers/tty/serial
Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.
Suggested-by: Dominik Brodowski
Signed-off-by: David Howells
cc: linux-pcm...@lists.infradead.org
---
drivers/pcmcia/cistpl.c |5 +
1 file changed, 5 insertions(+)
diff --git a/drivers
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).
Suggested-by: Alan Cox
Signed-off-by: David Howells
---
kernel/params.c | 27 ++-
1 file changed
device to access or modify the kernel image.
The eata driver takes a single string parameter that contains a slew of
settings, including hardware resource configuration. Prohibit use of the
parameter if the kernel is locked down.
Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: Dario
unauthenticated privileged code,
the effect of these errors may persist across reboots and affect trust in
the underlying hardware, so disable error injection through EINJ if
the kernel is locked down.
Signed-off-by: Linn Crosetto
Signed-off-by: David Howells
cc: linux-a...@vger.kernel.org
---
drivers
kernel is
locked down.
Signed-off-by: Chun-Yi Lee
Signed-off-by: David Howells
cc: net...@vger.kernel.org
---
kernel/trace/bpf_trace.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index cee9802cf3e0..7fde851f207b 100644
--- a
From: Josh Boyer
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Ignore the option when the kernel is locked down.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
cc
uld disallow any unauthenticated
changes to kernel space. ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.
Signed-off-by: Linn Crosetto
Signed-off-by: David Howells
cc: linux-a...@vger.kernel.org
---
drivers/acpi/table
tions. Prevent that if the
kernel is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: acpi4asus-u...@lists.sourceforge.net
cc: platform-driver-...@vger.kernel.org
---
drivers/platform/x86/asus-wmi.c |9 +
1 file changed, 9 insertions(+)
diff --git a/drivers/pla
this for
sufficiently IOMMU-isolated devices.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: linux-...@vger.kernel.org
---
drivers/pci/pci-sysfs.c |9 +
drivers/pci/proc.c |8 +++-
drivers/pci/syscall.c |2 +-
3 files changed, 17 insertions(+), 2
From: Matthew Garrett
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if the kernel is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: linux-a
From: Matthew Garrett
Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode. Based on a
patch by Kees Cook.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
Acked-by: Kees Cook
cc: x...@kernel.org
From: Matthew Garrett
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if the kernel
is locked down.
Signed-off-by: Matthew Garrett
Signed-off-by: David Howells
cc: linux...@vger.kernel.org
---
kernel
secure_boot flag in original
kernel.
secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub. Fixing this issue by copying secure_boot flag across kexec reboot.
Signed-off-by: Dave Young
Signed-off-by: David Howells
cc: ke...@lists.infradead.org
---
arch/x86/kernel
igned-off-by: David Howells
cc: ke...@lists.infradead.org
---
kernel/kexec_file.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b118735fea9d..f6937eecd1eb 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -268,6 +2
Rafael J. Wysocki wrote:
> You probably want to disable hibernation altogether in this case.
See patch 10. Does that mean patch 11 is superfluous?
David
James Morris wrote:
> > The patches can be found here also:
> >
> >
> > http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=efi-lockdown
> >
>
> Do you mean the branch 'efi-lock-down' ?
Sorry, yes.
David
Ard Biesheuvel wrote:
> > @@ -1184,6 +1184,7 @@ void __init setup_arch(char **cmdline_p)
> > pr_info("Secure boot disabled\n");
> > break;
> > case efi_secureboot_mode_enabled:
> > + set_bit(EFI_SECURE_BOOT, &ef
Oliver Neukum wrote:
> Your swap partition may be located on an NVDIMM or be encrypted.
An NVDIMM should be considered the same as any other persistent storage.
It may be encrypted, but where's the key stored, how easy is it to retrieve
and does the swapout code know this?
> Isn't this a bit o
James Morris wrote:
> > +static __read_mostly bool kernel_locked_down;
>
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> configured?
I guess lock_kernel_down() would need to be __init also in that case.
Also, the implementation of lift_kernel_lockdown() should be cond
Move the switch-statement in x86's setup_arch() that interprets the
secure_boot boot parameter to generic code.
Suggested-by: Ard Biesheuvel
Signed-off-by: David Howells
---
arch/x86/kernel/setup.c| 14 +-
drivers/firmware/efi/Kconfig |
From: Kyle McMartin
Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
kernel image to be modified. This lifts the lockdown.
Signed-off-by: Kyle McMartin
Signed-off-by: David Howells
cc: x...@kernel.org
---
arch/x86/include/asm/efi.h |2 ++
drivers
- if the kernel is secure-booted.
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
drivers/firmware/efi/Kconfig |1 +
drivers/firmware/efi/secure_boot.c | 10 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/Kconfig b
that it can be disabled.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
drivers/firmware/efi/secure_boot.c |1 +
include/linux/efi.h|1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/firmware/efi/secure_boot.c
b/drivers
Sorry, I forgot to include a cover note.
These five patches would replace 1-3 & 6 from my Kernel Lockdown series. The
additional patch moves the secure boot switch from x86 to generic code.
David
Dave Young wrote:
> > > This option allows userspace to pass the RSDP address to the kernel, which
> > > makes it possible for a user to circumvent any restrictions imposed on
> > > loading modules. Ignore the option when the kernel is locked down.
> >
> > I'm not really sure here.
> >
> > Wha
Dave Young wrote:
> > > > + /* Don't permit images to be loaded into trusted kernels if
> > > > we're not
> > > > +* going to verify the signature on them
> > > > +*/
> > > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
> > > > kernel_is_locked_down())
> > > > +
Mimi Zohar wrote:
> > > + if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && kernel_is_locked_down())
> > > + return -EPERM;
> > > +
> > >
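Review bot: the refusal at the top of kexec_file_load() keys on CONFIG_KEXEC_VERIFY_SIG alone, so a locked-down kernel that verifies kexec images through IMA appraisal (the LSM hooks in kernel_read_file_from_fd(), as noted in the reply below) is turned away with -EPERM even though the image would be verified; consider widening the condition to also admit the case where an appraisal policy covering kexec images is active rather than tying lockdown to one Kconfig symbol. Minor: the comment above the check speaks of "trusted kernels" while the predicate is kernel_is_locked_down(); using the same term in both would avoid the impression that these are two different states.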
>
> IMA can be used to verify file signatures too, based on the LSM hooks
> in kernel_read_file_from_fd(). CONFIG_KEXEC_VERIFY_SIG should not be
> requi
Mimi Zohar wrote:
> > Okay, fair enough. I can stick in an OR with an IS_ENABLED on some IMA
> > symbol. CONFIG_IMA_KEXEC maybe? And also require IMA be enabled?
>
> Not quite, since as Dave pointed out, IMA is policy driven. As a
> policy is installed, we could set a flag.
Does such a flag
Andy Shevchenko wrote:
> > From: Matthew Garrett
> >
> > We have no way of validating what all of the Asus WMI methods do on a given
> > machine - and there's a risk that some will allow hardware state to be
> > manipulated in such a way that arbitrary code can be executed in the
> > kernel, cir
Andy Shevchenko wrote:
> >> It looks a bit fragile when responsibility of whatever reasons kernel
> >> can't serve become a driver burden.
> >> Can we fix this in debugfs framework instead?
> >
> > Fix it with debugfs how? We can't offload the decision to userspace.
>
> I mean to do at least simi
Mimi Zohar wrote:
> From an IMA perspective, either a file hash or signature are valid,
> but for this usage it must be a signature.
Not necessarily. If IMA can guarantee that a module is the same based on its
hash rather than on a key, I would've thought that should be fine.
David
Alexei Starovoitov wrote:
> Also is there a description of what this lockdown trying to accomplish?
Austin S. Hemmelgarn wrote:
> ... but for any kind of proper security analysis, you need to better clarify
> your threat model. 'Prevent modification to the running kernel image' is a
> decent
Alexei Starovoitov wrote:
> this will obviously break the program.
Yeah. But if it allows one to twiddle the kernel image or gain access to
crypto material...
> How about disabling loading tracing programs during the lockdown completely?
Interesting thought. I'm not sure how much would actua
Ard Biesheuvel wrote:
> That does bring me to another EFI related point: many of these patches
> are x86 specific for no good reason.
Note that the sysrq one is awkward since the key chosen *is* arch-specific.
SysRq+x can't be arbitrarily assigned to this since some other arches have
their own u
Ben Hutchings wrote:
> - tracing (now tracefs, but it's expected to appear under debugfs)
Shouldn't this now appear under /sys/kernel/tracing/ ?
David
Ben Hutchings wrote:
> So it's generally not going to be OK to turn off debugfs. There will
> probably need to be a distinction between believed-safe and unsafe
> directories/files.
Any suggestion on how to mark this distinction? I'd prefer not to modify
every read/write op associated with a d
Ben Hutchings wrote:
> > Shouldn't this now appear under /sys/kernel/tracing/ ?
>
> True, but old tracing scripts didn't go away.
Conversion to a symlink would fix that.
David
Borislav Petkov wrote:
> "Subject: [PATCH v5 01/32] x86: Add documentation for AMD Secure Memory
> Encryption (SME)"
Or:
x86: Document AMD Secure Memory Encryption (SME) support
David
Hi Ard,
Any thoughts on these patches?
Thanks,
David
s that specify device settings
--------
David Howells (38):
Annotate module params that specify hardware parameters (eg. ioport)
Annotate hardware config module parameters in arch/x86/mm/
Annotate hardware config module parameters in drivers/char/ipmi/
Annotate hardware confi
drivers/firmware/efi/libstub/secureboot.c:22:27: error: duplicate 'const'
> declaration specifier [-Werror=duplicate-decl-specifier]
>
> Removing one of the specifiers gives us the expected behavior.
>
> Fixes: de8cb458625c ("efi: Get and store the secure boot status")
>
Takashi Iwai wrote:
> this is a patch series to add the support for firmware signature
> check. At this time, the kernel checks extra signature file (*.sig)
> for each firmware, instead of embedded signature.
> It's just a quick hack using the existing module signing mechanism,
> thus provided o
David Howells wrote:
> Takashi Iwai wrote:
>
> > this is a patch series to add the support for firmware signature
> > check. At this time, the kernel checks extra signature file (*.sig)
> > for each firmware, instead of embedded signature.
> > It's just a q
Include missing linux/magic.h inclusions where the source file is currently
expecting to get magic numbers through linux/proc_fs.h.
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
drivers/firmware/efivars.c |1 +
fs/proc/inode.c|1 +
2 files changed, 2
Include missing linux/slab.h inclusions where the source file is currently
expecting to get kmalloc() and co. through linux/proc_fs.h.
Signed-off-by: David Howells
cc: linux-s...@vger.kernel.org
cc: sparcli...@vger.kernel.org
cc: linux-efi@vger.kernel.org
cc: linux-...@lists.infradead.org
cc: de
I have pushed some keyrings patches that will likely affect this to:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-devel
I intend to ask James to pull these into his next branch. If he's happy to do
so, I can look at pulling at least your asymmetric keys
Signed-off-by: David Howells
cc: Matthew Garrett
cc: Jeremy Kerr
cc: Ard Biesheuvel
cc: linux-efi@vger.kernel.org
---
fs/efivarfs/super.c | 20 +++-
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
index 5b68e4294faa
Ard Biesheuvel wrote:
> > + UEFI Secure Boot provides a mechanism for ensuring that the
> > firmware
> > + will only load signed bootloaders and kernels. Secure boot mode
> > may
> > + be determined from EFI variables provided by the BIOS if not
>
> Please replace 'the
oted from current i386/x86_64 Grub as there's a bug in Grub whereby it
doesn't initialise the boot_params correctly. The incorrect initialisation
causes sanitize_boot_params() to be triggered, thereby zapping the secure
boot flag determined by the EFI boot wrapper.
David
---
David How
that it can be disabled.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
drivers/firmware/efi/secureboot.c |1 +
include/linux/efi.h |1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/firmware/efi/secureboot.c
b/drivers
h
MSR registers and disallowing hibernation,
Signed-off-by: David Howells
Acked-by: James Morris
---
include/linux/kernel.h |9 +
include/linux/security.h | 11 +++
security/Kconfig | 15 +++
security/Makefile|3 +++
security/lock_d
- if the kernel is secure-booted.
Signed-off-by: David Howells
cc: linux-efi@vger.kernel.org
---
drivers/firmware/efi/Kconfig |1 +
drivers/firmware/efi/secureboot.c | 10 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/Kconfig b/drivers
Casey Schaufler wrote:
> > +#ifdef CONFIG_LOCK_DOWN_KERNEL
> > +extern bool kernel_is_locked_down(void);
> > +#else
> > +static inline bool kernel_is_locked_down(void)
>
> Should this be a bool or an int? I can imagine that someone is going to want
> various different degrees of lock down for ke
Casey Schaufler wrote:
> You called out five distinct features in 0/5, so how about
> a bit for each of those?
Actually, there are more than five in that list - there are three in the first
item - and I'm not sure the remaining categories are quite as well defined as
I made it seem.
Also, that
Ard Biesheuvel wrote:
> - The series conflates 'UEFI secure boot support' with 'kernel lock
> down support'. I think this has been brought up before, but I really
> think we should have a cleaner separation between the feature (locking
> down various bits of the kernel if lockdown is in effect) f