Re: [PATCH 00/16] Kernel lockdown

From: Justin Forbes
Date: Wed Nov 16 2016 - 17:28:50 EST

Next message: Fabio Estevam: "Re: Boot failures in -next due to 'ARM: dts: imx: Remove skeleton.dtsi'"
Previous message: Matthew Wilcox: "[PATCH 29/29] Reimplement IDR and IDA using the radix tree"
In reply to: Ard Biesheuvel: "Re: [PATCH 00/16] Kernel lockdown"
Next in thread: David Howells: "[PATCH] Lock down drivers that can have io ports, io mem, irqs and dma changed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 16, 2016 at 3:47 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
>
> These patches provide a facility by which a variety of avenues by which
> userspace can feasibly modify the running kernel image can be locked down.
> These include:
>

Bit surprised to see this. Not that I am opposed to the patches
themselves. These were pulled into my tree as the first step towards
consolidating the implementation used for secure boot, and I know
there is interest in using large parts outside of a secure boot
context as well, but there were a few changes to be made after our
discussions in Santa Fe. Those are going into
http://git.kernel.org/cgit/linux/kernel/git/jforbes/linux.git/log/?h=lockdown
I am completely happy to submit those changes as separate patches if
people want to take these. They do actually work, and are being
shipped and supported by multiple distributions at this point.

Justin

Next message: Fabio Estevam: "Re: Boot failures in -next due to 'ARM: dts: imx: Remove skeleton.dtsi'"
Previous message: Matthew Wilcox: "[PATCH 29/29] Reimplement IDR and IDA using the radix tree"
In reply to: Ard Biesheuvel: "Re: [PATCH 00/16] Kernel lockdown"
Next in thread: David Howells: "[PATCH] Lock down drivers that can have io ports, io mem, irqs and dma changed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]